From 0aef9713822d49e2536cc896f9e93b9ef198fdda Mon Sep 17 00:00:00 2001 From: psubram3 Date: Thu, 24 Jul 2025 12:57:51 -0700 Subject: [PATCH 1/7] update users metadata Co-authored-by: Pranav Subramanian Co-authored-by: Jonathan Morton --- .../databases/tables/permissions/users.yaml | 28 +++++++++++++++---- 1 file changed, 22 insertions(+), 6 deletions(-) diff --git a/deployment/hasura/metadata/databases/tables/permissions/users.yaml b/deployment/hasura/metadata/databases/tables/permissions/users.yaml index c6e6469cf9..7ffe7d04b7 100644 --- a/deployment/hasura/metadata/databases/tables/permissions/users.yaml +++ b/deployment/hasura/metadata/databases/tables/permissions/users.yaml @@ -4,32 +4,48 @@ table: configuration: custom_name: "users" select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: [username] filter: {} allow_aggregations: true - - role: viewer + - role: 3-viewer permission: columns: [username] filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [username, default_role] check: {} + - role: 2-user + permission: + columns: [username, default_role] + check: {"username":{"_eq":"X-Hasura-User-Id"}} + - role: 3-viewer + permission: + columns: [username, default_role] + check: {"username":{"_eq":"X-Hasura-User-Id"}} update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [username, default_role] filter: {} + - role: 2-user + permission: + columns: [username, default_role] + filter: {"username":{"_eq":"X-Hasura-User-Id"}} + - role: 3-viewer + permission: + columns: [username, default_role] + filter: {"username":{"_eq":"X-Hasura-User-Id"}} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} From 33654f74e486452e77fb11bbbf7d3f5d960dc554 Mon Sep 17 00:00:00 2001 From: psubram3 Date: Thu, 14 Aug 2025 13:55:54 -0700 Subject: [PATCH 2/7] add local keycloak instance for testing Co-authored-by: Pranav Subramanian Co-authored-by: Jonathan Morton --- docker-compose.yml | 54 ++++++++----- e2e-tests/oauth/realm-export.json | 130 ++++++++++++++++++++++++++++++ 2 files changed, 165 insertions(+), 19 deletions(-) create mode 100644 e2e-tests/oauth/realm-export.json diff --git a/docker-compose.yml b/docker-compose.yml index 404f2094eb..fe331aa928 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -28,7 +28,7 @@ services: - aerie_file_store:/usr/src/app/action_file_store aerie_gateway: container_name: aerie_gateway - depends_on: ["postgres"] + depends_on: ["postgres", "keycloak"] environment: AUTH_TYPE: none AUTH_URL: https://atb-ocio-12b.jpl.nasa.gov:8443/cam-api @@ -43,7 +43,10 @@ services: AERIE_DB_PORT: 5432 GATEWAY_DB_USER: "${GATEWAY_USERNAME}" GATEWAY_DB_PASSWORD: "${GATEWAY_PASSWORD}" - image: "ghcr.io/nasa-ammos/aerie-gateway:develop" +# image: "aerie-gateway:no-auth-1" + build: + context: ../../NASA-AMMOS/aerie-gateway + dockerfile: Dockerfile ports: ["9000:9000"] restart: always volumes: @@ -154,22 +157,22 @@ services: restart: always volumes: - workspace_file_store:/usr/src/ws - aerie_ui: - container_name: aerie_ui - depends_on: ["postgres"] - environment: - NODE_TLS_REJECT_UNAUTHORIZED: "0" - PUBLIC_AERIE_FILE_STORE_PREFIX: "/usr/src/app/merlin_file_store/" - ORIGIN: http://localhost - PUBLIC_GATEWAY_CLIENT_URL: http://localhost:9000 - PUBLIC_GATEWAY_SERVER_URL: http://aerie_gateway:9000 - PUBLIC_HASURA_CLIENT_URL: http://localhost:8080/v1/graphql - PUBLIC_HASURA_SERVER_URL: http://hasura:8080/v1/graphql - PUBLIC_HASURA_WEB_SOCKET_URL: ws://localhost:8080/v1/graphql - PUBLIC_COMMAND_EXPANSION_MODE: "typescript" - image: "ghcr.io/nasa-ammos/aerie-ui:develop" - ports: ["80:80"] - restart: always +# aerie_ui: +# container_name: aerie_ui +# depends_on: ["postgres"] +# environment: +# NODE_TLS_REJECT_UNAUTHORIZED: "0" +# PUBLIC_AERIE_FILE_STORE_PREFIX: "/usr/src/app/merlin_file_store/" +# ORIGIN: http://localhost +# PUBLIC_GATEWAY_CLIENT_URL: http://localhost:9000 +# PUBLIC_GATEWAY_SERVER_URL: http://aerie_gateway:9000 +# PUBLIC_HASURA_CLIENT_URL: http://localhost:8080/v1/graphql +# PUBLIC_HASURA_SERVER_URL: http://hasura:8080/v1/graphql +# PUBLIC_HASURA_WEB_SOCKET_URL: ws://localhost:8080/v1/graphql +# PUBLIC_COMMAND_EXPANSION_MODE: "typescript" +# image: "ghcr.io/nasa-ammos/aerie-ui:develop" +# ports: ["80:80"] +# restart: always aerie_merlin_worker_1: build: context: ./merlin-worker @@ -270,9 +273,22 @@ services: restart: always volumes: - aerie_file_store:/usr/src/app/merlin_file_store:ro + keycloak: + image: quay.io/keycloak/keycloak:latest + container_name: aerie_keycloak + ports: + - "8000:8000" + environment: + KC_BOOTSTRAP_ADMIN_USERNAME: kcadmin + KC_BOOTSTRAP_ADMIN_PASSWORD: kcadmin + KC_HTTP_PORT: 8000 + KC_FEATURES: scripts # would be nice to make x-hasura-default-role work right but I'm having issues with this + command: [ "start-dev", "--import-realm" ] + volumes: + - ./e2e-tests/oauth/realm-export.json:/opt/keycloak/data/import/realm-export.json hasura: container_name: aerie_hasura - depends_on: ["postgres"] + depends_on: ["postgres", "keycloak"] environment: AERIE_DATABASE_URL: "postgres://${AERIE_USERNAME}:${AERIE_PASSWORD}@postgres:5432/aerie?options=-c%20search_path%3Dutil_functions%2Chasura%2Cpermissions%2Ctags%2Cmerlin%2Cscheduler%2Csequencing%2Cactions%2Cpublic" AERIE_MERLIN_URL: "http://aerie_merlin:27183" diff --git a/e2e-tests/oauth/realm-export.json b/e2e-tests/oauth/realm-export.json new file mode 100644 index 0000000000..b67b47c607 --- /dev/null +++ b/e2e-tests/oauth/realm-export.json @@ -0,0 +1,130 @@ +{ + "id": "aerie-dev", + "realm": "aerie-dev", + "enabled": "true", + "defaultSignatureAlgorithm": "RS256", + "clients": [ + { + "id": "aerie", + "clientId": "aerie", + "enabled": "true", + "redirectUris": ["*"], + "publicClient": true, + "protocol": "openid-connect", + "standardFlowEnabled": true, + "attributes": { + "access.token.lifespan": "20", + "refresh.token.lifespan": "1800", + "client.session.idle.timeout": "1800", + "client.session.max.lifespan": "3600", + "pkce.code.challenge.method": "S256", + "token.endpoint.auth.signing.max.exp": "60" + }, + "protocolMappers": [ + { + "name": "x-hasura-allowed-roles", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "true", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "lightweight.claim": "false", + "access.token.claim": "true", + "claim.name": "https://hasura\\.io/jwt/claims.x-hasura-allowed-roles", + "jsonType.label": "String", + "usermodel.clientRoleMapping.clientId": "aerie" + } + }, + { + "name": "x-hasura-user-id", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-property-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "userinfo.token.claim": "true", + "user.attribute": "id", + "id.token.claim": "true", + "lightweight.claim": "false", + "access.token.claim": "true", + "claim.name": "https://hasura\\.io/jwt/claims.x-hasura-user-id", + "jsonType.label": "String" + } + }, + { + "name": "x-hasura-default-role", + "protocol": "openid-connect", + "protocolMapper": "oidc-usermodel-client-role-mapper", + "consentRequired": false, + "config": { + "introspection.token.claim": "true", + "multivalued": "false", + "userinfo.token.claim": "true", + "id.token.claim": "true", + "lightweight.claim": "false", + "access.token.claim": "true", + "claim.name": "https://hasura\\.io/jwt/claims.x-hasura-default-role", + "jsonType.label": "String", + "usermodel.clientRoleMapping.clientId": "aerie" + } + } + ] + } + ], + "users": [ + { + "username": "AerieAdmin", + "enabled": "true", + "email": "AerieAdmin@aerie-dev.gov", + "firstName": "Admin", + "lastName": "Aerie", + "emailVerified": "true", + "credentials": [ + { + "type": "password", + "value": "password" + } + ], + "clientRoles": { + "aerie": ["3-viewer", "2-user", "1-aerie_admin"] + } + }, + { + "username": "AerieUser", + "enabled": "true", + "email": "AerieUser@aerie-dev.gov", + "firstName": "User", + "lastName": "Aerie", + "emailVerified": "true", + "credentials": [ + { + "type": "password", + "value": "password" + } + ], + "clientRoles": { + "aerie": ["3-viewer", "2-user"] + } + }, + { + "username": "AerieViewer", + "enabled": "true", + "email": "AerieViewer@aerie-dev.gov", + "firstName": "Viewer", + "lastName": "Aerie", + "emailVerified": "true", + "credentials": [ + { + "type": "password", + "value": "password" + } + ], + "clientRoles": { + "aerie": ["3-viewer"] + } + } + ] +} From bc549a7e3c63bbedc3eda0bb701615711d50e096 Mon Sep 17 00:00:00 2001 From: psubram3 Date: Thu, 14 Aug 2025 13:57:23 -0700 Subject: [PATCH 3/7] sort of required for things to work -> map user roles to have number prefix Co-authored-by: Pranav Subramanian Co-authored-by: Jonathan Morton --- deployment/hasura/metadata/actions.yaml | 124 +++++++++--------- .../databases/functions/functions.yaml | 110 ++++++++-------- .../tables/actions/action_definition.yaml | 12 +- .../databases/tables/actions/action_run.yaml | 16 +-- .../hasura/begin_merge_return_value.yaml | 4 +- .../hasura/cancel_merge_return_value.yaml | 4 +- ...l_compatibility_for_plan_return_value.yaml | 4 +- ...heck_model_compatibility_return_value.yaml | 4 +- .../hasura/commit_merge_return_value.yaml | 4 +- .../hasura/create_merge_return_value.yaml | 4 +- .../hasura/create_snapshot_return_value.yaml | 4 +- .../hasura/delete_anchor_return_value.yaml | 4 +- .../hasura/deny_merge_return_value.yaml | 4 +- .../hasura/duplicate_plan_return_value.yaml | 4 +- ...t_conflicting_activities_return_value.yaml | 4 +- ...n_conflicting_activities_return_value.yaml | 4 +- .../hasura/get_plan_history_return_value.yaml | 4 +- .../migrate_plan_to_model_return_value.yaml | 4 +- .../hasura/refresh_activity_type_logs.yaml | 6 +- .../hasura/refresh_model_parameter_logs.yaml | 6 +- .../hasura/refresh_resource_types_logs.yaml | 6 +- ...resource_at_start_offset_return_value.yaml | 4 +- .../withdraw_merge_request_return_value.yaml | 4 +- .../activity_directive.yaml | 18 +-- .../activity_directive_changelog.yaml | 10 +- .../activity_directive_extended.yaml | 6 +- .../activity_directive_metadata_schema.yaml | 16 +-- .../activity_directive_validations.yaml | 8 +- .../activity_directive/activity_presets.yaml | 18 +-- .../anchor_validation_status.yaml | 8 +- .../preset_to_directive.yaml | 12 +- .../tables/merlin/activity_type.yaml | 12 +- .../constraints/constraint_definition.yaml | 16 +-- .../constraints/constraint_metadata.yaml | 18 +-- .../constraint_model_specification.yaml | 18 +-- .../constraints/constraint_request.yaml | 8 +- .../constraints/constraint_results.yaml | 8 +- .../merlin/constraints/constraint_run.yaml | 8 +- .../constraints/constraint_specification.yaml | 18 +-- .../tables/merlin/dataset/dataset.yaml | 10 +- .../tables/merlin/dataset/event.yaml | 8 +- .../tables/merlin/dataset/profile.yaml | 8 +- .../merlin/dataset/profile_segment.yaml | 8 +- .../merlin/dataset/resource_profile_view.yaml | 8 +- .../databases/tables/merlin/dataset/span.yaml | 8 +- .../tables/merlin/dataset/topic.yaml | 8 +- .../tables/merlin/derivation_group.yaml | 14 +- .../tables/merlin/derived_events.yaml | 6 +- .../tables/merlin/external_event.yaml | 12 +- .../tables/merlin/external_event_type.yaml | 10 +- .../tables/merlin/external_source.yaml | 14 +- .../tables/merlin/external_source_type.yaml | 10 +- .../merging/conflicting_activities.yaml | 10 +- .../tables/merlin/merging/merge_request.yaml | 8 +- .../merlin/merging/merge_request_comment.yaml | 18 +-- .../merlin/merging/merge_staging_area.yaml | 6 +- .../tables/merlin/mission_model.yaml | 12 +- .../merlin/mission_model_parameters.yaml | 10 +- .../databases/tables/merlin/plan.yaml | 18 +-- .../tables/merlin/plan_collaborators.yaml | 14 +- .../databases/tables/merlin/plan_dataset.yaml | 10 +- .../tables/merlin/plan_derivation_group.yaml | 18 +-- .../tables/merlin/resource_type.yaml | 8 +- .../simulation/simulated_activity_view.yaml | 6 +- .../tables/merlin/simulation/simulation.yaml | 12 +- .../merlin/simulation/simulation_dataset.yaml | 14 +- .../merlin/simulation/simulation_extent.yaml | 8 +- .../simulation/simulation_template.yaml | 18 +-- .../tables/merlin/snapshot/plan_snapshot.yaml | 12 +- .../snapshot/plan_snapshot_activities.yaml | 8 +- .../preset_to_snapshot_directive.yaml | 8 +- .../tables/merlin/uploaded_file.yaml | 8 +- .../migrations/applied_migrations_view.yaml | 2 +- .../permissions/user_role_permission.yaml | 10 +- .../tables/permissions/user_roles.yaml | 12 +- .../permissions/users_allowed_roles.yaml | 12 +- .../permissions/users_and_roles_view.yaml | 6 +- .../scheduling_condition_definition.yaml | 16 +-- .../scheduling_condition_metadata.yaml | 18 +-- .../scheduler/scheduling_goal_definition.yaml | 16 +-- .../scheduler/scheduling_goal_metadata.yaml | 18 +-- .../scheduling_goal_analysis.yaml | 10 +- ...ling_goal_analysis_created_activities.yaml | 8 +- ...g_goal_analysis_satisfying_activities.yaml | 8 +- .../scheduling_run/scheduling_request.yaml | 14 +- ...duling_model_specification_conditions.yaml | 18 +-- .../scheduling_model_specification_goals.yaml | 18 +-- .../scheduling_specification.yaml | 18 +-- .../scheduling_specification_conditions.yaml | 18 +-- .../scheduling_specification_goals.yaml | 18 +-- .../activity_instance_commands.yaml | 8 +- .../tables/sequencing/channel_dictionary.yaml | 10 +- .../tables/sequencing/command_dictionary.yaml | 8 +- .../tables/sequencing/expanded_sequences.yaml | 8 +- .../tables/sequencing/expanded_templates.yaml | 8 +- .../tables/sequencing/expansion_rule.yaml | 18 +-- .../tables/sequencing/expansion_run.yaml | 10 +- .../tables/sequencing/expansion_set.yaml | 14 +- .../sequencing/expansion_set_rule_view.yaml | 6 +- .../sequencing/expansion_set_to_rule.yaml | 6 +- .../sequencing/parameter_dictionary.yaml | 10 +- .../databases/tables/sequencing/parcel.yaml | 12 +- .../parcel_to_parameter_dictionary.yaml | 10 +- .../sequencing/rule_expansion_set_view.yaml | 6 +- .../databases/tables/sequencing/sequence.yaml | 16 +-- .../sequencing/sequence_adaptation.yaml | 12 +- .../tables/sequencing/sequence_filter.yaml | 16 +-- .../tables/sequencing/sequence_template.yaml | 18 +-- .../sequence_to_simulated_activity.yaml | 18 +-- .../tables/sequencing/workspace.yaml | 10 +- .../sequencing/workspace_collaborators.yaml | 14 +- .../tables/tags/activity_directive_tags.yaml | 14 +- .../tags/constraint_definition_tags.yaml | 14 +- .../tables/tags/constraint_tags.yaml | 14 +- .../tables/tags/expansion_rule_tags.yaml | 14 +- .../tables/tags/plan_snapshot_tags.yaml | 14 +- .../databases/tables/tags/plan_tags.yaml | 14 +- .../scheduling_condition_definition_tags.yaml | 14 +- .../tags/scheduling_condition_tags.yaml | 14 +- .../tags/scheduling_goal_definition_tags.yaml | 14 +- .../tables/tags/scheduling_goal_tags.yaml | 14 +- .../tables/tags/snapshot_activity_tags.yaml | 8 +- .../metadata/databases/tables/tags/tags.yaml | 18 +-- .../databases/tables/ui/extension_roles.yaml | 12 +- .../databases/tables/ui/extensions.yaml | 12 +- .../ui/file_extension_content_type.yaml | 12 +- .../metadata/databases/tables/ui/view.yaml | 18 +-- .../Aerie/23_plan_model_migration/down.sql | 4 +- .../sql/default_user_roles.sql | 14 +- .../permissions/get_function_permissions.sql | 4 +- .../aerie/permissions/PermissionsService.java | 2 +- 131 files changed, 809 insertions(+), 809 deletions(-) diff --git a/deployment/hasura/metadata/actions.yaml b/deployment/hasura/metadata/actions.yaml index e78f24227b..5a431f4e01 100644 --- a/deployment/hasura/metadata/actions.yaml +++ b/deployment/hasura/metadata/actions.yaml @@ -5,218 +5,218 @@ actions: handler: "{{AERIE_MERLIN_URL}}/addExternalDataset" timeout: 300 permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - name: extendExternalDataset definition: kind: synchronous handler: "{{AERIE_MERLIN_URL}}/extendExternalDataset" timeout: 300 permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - name: uploadDictionary definition: kind: synchronous handler: "{{AERIE_SEQUENCING_URL}}/put-dictionary" timeout: 300 permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - name: addCommandExpansionTypeScript definition: kind: synchronous handler: "{{AERIE_SEQUENCING_URL}}/command-expansion/put-expansion" timeout: 300 permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - name: assignActivitiesByFilter definition: kind: synchronous handler: "{{AERIE_SEQUENCING_URL}}/command-expansion/assign-activities-by-filter" timeout: 300 permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - name: addTemplate definition: kind: synchronous handler: "{{AERIE_SEQUENCING_URL}}/command-expansion/put-template" timeout: 300 permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - name: createExpansionSet definition: kind: synchronous handler: "{{AERIE_SEQUENCING_URL}}/command-expansion/put-expansion-set" timeout: 300 permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - name: expandAllActivities definition: kind: synchronous handler: "{{AERIE_SEQUENCING_URL}}/command-expansion/expand-all-activity-instances" timeout: 300 permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - name: expandAllTemplates definition: kind: synchronous handler: "{{AERIE_SEQUENCING_URL}}/command-expansion/expand-all-sequence-templates" timeout: 300 permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - name: getModelEffectiveArguments definition: kind: "" handler: "{{AERIE_MERLIN_URL}}/getModelEffectiveArguments" timeout: 300 permissions: - - role: aerie_admin - - role: user - - role: viewer + - role: 1-aerie_admin + - role: 2-user + - role: 3-user - name: getActivityEffectiveArguments definition: kind: "" handler: "{{AERIE_MERLIN_URL}}/getActivityEffectiveArguments" timeout: 300 permissions: - - role: aerie_admin - - role: user - - role: viewer + - role: 1-aerie_admin + - role: 2-user + - role: 3-user - name: getActivityEffectiveArgumentsBulk definition: kind: "" handler: "{{AERIE_MERLIN_URL}}/getActivityEffectiveArgumentsBulk" timeout: 300 permissions: - - role: aerie_admin - - role: user - - role: viewer + - role: 1-aerie_admin + - role: 2-user + - role: 3-user - name: getActivityTypeScript definition: kind: "" handler: "{{AERIE_SEQUENCING_URL}}/get-activity-typescript" timeout: 300 permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - name: getCommandTypeScript definition: kind: "" handler: "{{AERIE_SEQUENCING_URL}}/get-command-typescript" timeout: 300 permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - name: getSequenceSeqJson definition: kind: "" handler: "{{AERIE_SEQUENCING_URL}}/seqjson/get-seqjson-for-seqid-and-simulation-dataset" timeout: 300 permissions: - - role: aerie_admin - - role: user - - role: viewer + - role: 1-aerie_admin + - role: 2-user + - role: 3-user - name: getSequenceSeqJsonBulk definition: kind: "" handler: "{{AERIE_SEQUENCING_URL}}/seqjson/bulk-get-seqjson-for-seqid-and-simulation-dataset" timeout: 300 permissions: - - role: aerie_admin - - role: user - - role: viewer + - role: 1-aerie_admin + - role: 2-user + - role: 3-user - name: resourceTypes definition: kind: "" handler: "{{AERIE_MERLIN_URL}}/resourceTypes" timeout: 300 permissions: - - role: aerie_admin - - role: user - - role: viewer + - role: 1-aerie_admin + - role: 2-user + - role: 3-user - name: schedule definition: kind: "" handler: "{{AERIE_SCHEDULER_URL}}/schedule" timeout: 300 permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - name: schedulingDslTypescript definition: kind: "" handler: "{{AERIE_SCHEDULER_URL}}/schedulingDslTypescript" timeout: 300 permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - name: constraintsDslTypescript definition: kind: "" handler: "{{AERIE_MERLIN_URL}}/constraintsDslTypescript" timeout: 300 permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - name: simulate definition: kind: "" handler: "{{AERIE_MERLIN_URL}}/getSimulationResults" timeout: 300 permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - name: resourceSamples definition: kind: "" handler: "{{AERIE_MERLIN_URL}}/resourceSamples" timeout: 300 permissions: - - role: aerie_admin - - role: user - - role: viewer + - role: 1-aerie_admin + - role: 2-user + - role: 3-user - name: constraintViolations definition: kind: "" handler: "{{AERIE_MERLIN_URL}}/constraintViolations" timeout: 300 permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - name: validateActivityArguments definition: kind: "" handler: "{{AERIE_MERLIN_URL}}/validateActivityArguments" timeout: 300 permissions: - - role: aerie_admin - - role: user - - role: viewer + - role: 1-aerie_admin + - role: 2-user + - role: 3-user - name: validateModelArguments definition: kind: "" handler: "{{AERIE_MERLIN_URL}}/validateModelArguments" timeout: 300 permissions: - - role: aerie_admin - - role: user - - role: viewer + - role: 1-aerie_admin + - role: 2-user + - role: 3-user - name: validatePlan definition: kind: "" handler: "{{AERIE_MERLIN_URL}}/validatePlan" timeout: 300 permissions: - - role: aerie_admin - - role: user - - role: viewer + - role: 1-aerie_admin + - role: 2-user + - role: 3-user custom_types: enums: - name: MerlinSimulationStatus diff --git a/deployment/hasura/metadata/databases/functions/functions.yaml b/deployment/hasura/metadata/databases/functions/functions.yaml index 5e5bfcd79b..2930744641 100644 --- a/deployment/hasura/metadata/databases/functions/functions.yaml +++ b/deployment/hasura/metadata/databases/functions/functions.yaml @@ -6,8 +6,8 @@ function: apply_preset_to_activity session_argument: hasura_session permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - function: name: begin_merge schema: hasura @@ -16,8 +16,8 @@ function: begin_merge session_argument: hasura_session permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - function: name: cancel_merge schema: hasura @@ -26,8 +26,8 @@ function: cancel_merge session_argument: hasura_session permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - function: name: create_merge_request schema: hasura @@ -36,8 +36,8 @@ function: create_merge_request session_argument: hasura_session permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - function: name: create_snapshot schema: hasura @@ -46,8 +46,8 @@ function: create_snapshot session_argument: hasura_session permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - function: name: commit_merge schema: hasura @@ -56,8 +56,8 @@ function: commit_merge session_argument: hasura_session permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - function: name: migrate_plan_to_model schema: hasura @@ -66,8 +66,8 @@ function: migrate_plan_to_model session_argument: hasura_session permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - function: name: check_model_compatibility schema: hasura @@ -75,8 +75,8 @@ custom_root_fields: function: check_model_compatibility permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - function: name: check_model_compatibility_for_plan schema: hasura @@ -84,8 +84,8 @@ custom_root_fields: function: check_model_compatibility_for_plan permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - function: name: delete_activity_by_pk_reanchor_plan_start schema: hasura @@ -94,8 +94,8 @@ function: delete_activity_by_pk_reanchor_plan_start session_argument: hasura_session permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - function: name: delete_activity_by_pk_reanchor_plan_start_bulk schema: hasura @@ -104,8 +104,8 @@ function: delete_activity_by_pk_reanchor_plan_start_bulk session_argument: hasura_session permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - function: name: delete_activity_by_pk_reanchor_to_anchor schema: hasura @@ -114,8 +114,8 @@ function: delete_activity_by_pk_reanchor_to_anchor session_argument: hasura_session permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - function: name: delete_activity_by_pk_reanchor_to_anchor_bulk schema: hasura @@ -124,8 +124,8 @@ function: delete_activity_by_pk_reanchor_to_anchor_bulk session_argument: hasura_session permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - function: name: delete_activity_by_pk_delete_subtree schema: hasura @@ -134,8 +134,8 @@ function: delete_activity_by_pk_delete_subtree session_argument: hasura_session permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - function: name: delete_activity_by_pk_delete_subtree_bulk schema: hasura @@ -144,8 +144,8 @@ function: delete_activity_by_pk_delete_subtree_bulk session_argument: hasura_session permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - function: name: deny_merge schema: hasura @@ -154,8 +154,8 @@ function: deny_merge session_argument: hasura_session permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - function: name: duplicate_plan schema: hasura @@ -164,8 +164,8 @@ function: duplicate_plan session_argument: hasura_session permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - function: name: get_conflicting_activities schema: hasura @@ -175,9 +175,9 @@ session_argument: hasura_session exposed_as: query permissions: - - role: aerie_admin - - role: user - - role: viewer + - role: 1-aerie_admin + - role: 2-user + - role: 3-user - function: name: get_non_conflicting_activities schema: hasura @@ -187,9 +187,9 @@ session_argument: hasura_session exposed_as: query permissions: - - role: aerie_admin - - role: user - - role: viewer + - role: 1-aerie_admin + - role: 2-user + - role: 3-user - function: name: get_plan_history schema: hasura @@ -198,17 +198,17 @@ function: get_plan_history session_argument: hasura_session permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - function: name: get_resources_at_start_offset schema: hasura configuration: custom_name: getResourcesAtStartOffset permissions: - - role: aerie_admin - - role: user - - role: viewer + - role: 1-aerie_admin + - role: 2-user + - role: 3-user - function: name: restore_activity_changelog schema: hasura @@ -216,8 +216,8 @@ custom_name: restoreActivityFromChangelog session_argument: hasura_session permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - function: name: restore_from_snapshot schema: hasura @@ -226,8 +226,8 @@ function: restore_from_snapshot session_argument: hasura_session permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - function: name: set_resolution schema: hasura @@ -236,8 +236,8 @@ function: set_resolution session_argument: hasura_session permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - function: name: set_resolution_bulk schema: hasura @@ -246,8 +246,8 @@ function: set_resolution_bulk session_argument: hasura_session permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user - function: name: withdraw_merge_request schema: hasura @@ -256,5 +256,5 @@ function: withdraw_merge_request session_argument: hasura_session permissions: - - role: aerie_admin - - role: user + - role: 1-aerie_admin + - role: 2-user diff --git a/deployment/hasura/metadata/databases/tables/actions/action_definition.yaml b/deployment/hasura/metadata/databases/tables/actions/action_definition.yaml index 340157fd5d..72ae3183fb 100644 --- a/deployment/hasura/metadata/databases/tables/actions/action_definition.yaml +++ b/deployment/hasura/metadata/databases/tables/actions/action_definition.yaml @@ -11,23 +11,23 @@ object_relationships: using: foreign_key_constraint_on: action_file_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: "*" filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: "*" filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: "*" filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [name, description, action_file_id, workspace_id] check: {} @@ -35,13 +35,13 @@ insert_permissions: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [name, description, action_file_id, parameter_schema, settings_schema, settings, owner, workspace_id] filter: {} set: updated_by: "x-hasura-user-id" delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/actions/action_run.yaml b/deployment/hasura/metadata/databases/tables/actions/action_run.yaml index 103c275c51..7ff8bd6bc0 100644 --- a/deployment/hasura/metadata/databases/tables/actions/action_run.yaml +++ b/deployment/hasura/metadata/databases/tables/actions/action_run.yaml @@ -8,44 +8,44 @@ object_relationships: using: foreign_key_constraint_on: action_definition_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: "*" filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: "*" filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: "*" filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [settings, parameters, action_definition_id] check: {} set: requested_by: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [settings, parameters, action_definition_id] check: {} set: requested_by: "x-hasura-user-id" update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [logs, error, results, status, canceled] filter: {} - - role: user + - role: 2-user permission: columns: [canceled] filter: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/begin_merge_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/begin_merge_return_value.yaml index 6487bb1640..8c8bce7697 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/begin_merge_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/begin_merge_return_value.yaml @@ -2,11 +2,11 @@ table: name: begin_merge_return_value schema: hasura select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} - - role: user + - role: 2-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/cancel_merge_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/cancel_merge_return_value.yaml index e7c4e90f2a..730a0af305 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/cancel_merge_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/cancel_merge_return_value.yaml @@ -2,11 +2,11 @@ table: name: cancel_merge_return_value schema: hasura select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} - - role: user + - role: 2-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/check_model_compatibility_for_plan_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/check_model_compatibility_for_plan_return_value.yaml index cb4a6b937d..2dae363d5a 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/check_model_compatibility_for_plan_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/check_model_compatibility_for_plan_return_value.yaml @@ -2,11 +2,11 @@ table: name: check_model_compatibility_for_plan_return_value schema: hasura select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} - - role: user + - role: 2-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/check_model_compatibility_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/check_model_compatibility_return_value.yaml index ae353ec7e8..a1766ed1f8 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/check_model_compatibility_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/check_model_compatibility_return_value.yaml @@ -2,11 +2,11 @@ table: name: check_model_compatibility_return_value schema: hasura select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} - - role: user + - role: 2-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/commit_merge_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/commit_merge_return_value.yaml index e90327f847..fd72489ffd 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/commit_merge_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/commit_merge_return_value.yaml @@ -2,11 +2,11 @@ table: name: commit_merge_return_value schema: hasura select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} - - role: user + - role: 2-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/create_merge_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/create_merge_return_value.yaml index aa2a9689bd..8be288bc9b 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/create_merge_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/create_merge_return_value.yaml @@ -2,11 +2,11 @@ table: name: create_merge_request_return_value schema: hasura select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} - - role: user + - role: 2-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/create_snapshot_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/create_snapshot_return_value.yaml index 58c33454e1..9ee4094eed 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/create_snapshot_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/create_snapshot_return_value.yaml @@ -2,11 +2,11 @@ table: name: create_snapshot_return_value schema: hasura select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} - - role: user + - role: 2-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/delete_anchor_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/delete_anchor_return_value.yaml index 0824fcbdd2..70e84e1842 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/delete_anchor_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/delete_anchor_return_value.yaml @@ -2,11 +2,11 @@ table: name: delete_anchor_return_value schema: hasura select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} - - role: user + - role: 2-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/deny_merge_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/deny_merge_return_value.yaml index 7d929113af..e27a48e937 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/deny_merge_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/deny_merge_return_value.yaml @@ -2,11 +2,11 @@ table: name: deny_merge_return_value schema: hasura select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} - - role: user + - role: 2-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/duplicate_plan_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/duplicate_plan_return_value.yaml index 52a63f53a9..60b426c68a 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/duplicate_plan_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/duplicate_plan_return_value.yaml @@ -2,11 +2,11 @@ table: name: duplicate_plan_return_value schema: hasura select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} - - role: user + - role: 2-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/get_conflicting_activities_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/get_conflicting_activities_return_value.yaml index d06f90a646..5d2d58d41c 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/get_conflicting_activities_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/get_conflicting_activities_return_value.yaml @@ -2,11 +2,11 @@ table: name: get_conflicting_activities_return_value schema: hasura select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} - - role: user + - role: 2-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/get_non_conflicting_activities_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/get_non_conflicting_activities_return_value.yaml index 6d4185dfb7..4001720591 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/get_non_conflicting_activities_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/get_non_conflicting_activities_return_value.yaml @@ -2,11 +2,11 @@ table: name: get_non_conflicting_activities_return_value schema: hasura select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} - - role: user + - role: 2-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/get_plan_history_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/get_plan_history_return_value.yaml index 1e6d79fa9e..9dec8e794d 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/get_plan_history_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/get_plan_history_return_value.yaml @@ -2,11 +2,11 @@ table: name: get_plan_history_return_value schema: hasura select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} - - role: user + - role: 2-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/migrate_plan_to_model_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/migrate_plan_to_model_return_value.yaml index 7aa1b0ef24..5dbaab226d 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/migrate_plan_to_model_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/migrate_plan_to_model_return_value.yaml @@ -2,11 +2,11 @@ table: name: migrate_plan_to_model_return_value schema: hasura select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} - - role: user + - role: 2-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/refresh_activity_type_logs.yaml b/deployment/hasura/metadata/databases/tables/hasura/refresh_activity_type_logs.yaml index 76c4dfab77..7139a15ba2 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/refresh_activity_type_logs.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/refresh_activity_type_logs.yaml @@ -13,17 +13,17 @@ object_relationships: column_mapping: model_id: id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/refresh_model_parameter_logs.yaml b/deployment/hasura/metadata/databases/tables/hasura/refresh_model_parameter_logs.yaml index 71d4b3def9..85efa88cae 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/refresh_model_parameter_logs.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/refresh_model_parameter_logs.yaml @@ -13,17 +13,17 @@ object_relationships: column_mapping: model_id: id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/refresh_resource_types_logs.yaml b/deployment/hasura/metadata/databases/tables/hasura/refresh_resource_types_logs.yaml index a442e8b65e..2f82b4d0ad 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/refresh_resource_types_logs.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/refresh_resource_types_logs.yaml @@ -13,17 +13,17 @@ object_relationships: column_mapping: model_id: id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/resource_at_start_offset_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/resource_at_start_offset_return_value.yaml index a66a43320c..52da91c7e7 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/resource_at_start_offset_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/resource_at_start_offset_return_value.yaml @@ -2,11 +2,11 @@ table: name: resource_at_start_offset_return_value schema: hasura select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} - - role: user + - role: 2-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/withdraw_merge_request_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/withdraw_merge_request_return_value.yaml index 451e744986..55ada1da61 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/withdraw_merge_request_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/withdraw_merge_request_return_value.yaml @@ -2,11 +2,11 @@ table: name: withdraw_merge_request_return_value schema: hasura select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} - - role: user + - role: 2-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive.yaml b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive.yaml index 252e00d129..2653dbf431 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive.yaml @@ -71,43 +71,43 @@ array_relationships: name: activity_directive_changelog schema: merlin select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [ name, start_offset, type, arguments, metadata, anchor_id, anchored_to_start, created_by ] filter: {} set: last_modified_by: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [name, start_offset, arguments, metadata, anchor_id, anchored_to_start] filter: {"plan":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}} set: last_modified_by: "x-hasura-user-id" insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [name, start_offset, arguments, metadata, anchor_id, anchored_to_start, plan_id, type] check: {} set: last_modified_by: "x-hasura-user-id" created_by: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [name, start_offset, arguments, metadata, anchor_id, anchored_to_start, plan_id, type] check: {"plan":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}} @@ -115,9 +115,9 @@ insert_permissions: last_modified_by: "x-hasura-user-id" created_by: "x-hasura-user-id" delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"plan":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}} diff --git a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_changelog.yaml b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_changelog.yaml index 67bc16c29e..0471dcd4b7 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_changelog.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_changelog.yaml @@ -10,28 +10,28 @@ object_relationships: - plan_id - activity_directive_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: - changed_by filter: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_extended.yaml b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_extended.yaml index b917e31299..b4632fcf02 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_extended.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_extended.yaml @@ -23,17 +23,17 @@ object_relationships: id: id plan_id: plan_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_metadata_schema.yaml b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_metadata_schema.yaml index 9b4ab68f95..b753ba1d19 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_metadata_schema.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_metadata_schema.yaml @@ -4,40 +4,40 @@ table: configuration: custom_name: "activity_directive_metadata_schema" select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [key, schema, created_at] check: {} - - role: user + - role: 2-user permission: columns: [key, schema, created_at] check: {} update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [key, schema, created_at] filter: {} - - role: user + - role: 2-user permission: columns: [key, schema, created_at] filter: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_validations.yaml b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_validations.yaml index 2912899fb9..7b19bef2eb 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_validations.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_validations.yaml @@ -4,22 +4,22 @@ table: configuration: custom_name: "activity_directive_validations" select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_presets.yaml b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_presets.yaml index ea9740fd75..5da4eb3038 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_presets.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_presets.yaml @@ -4,47 +4,47 @@ table: configuration: custom_name: "activity_presets" select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [model_id, name, associated_activity_type, arguments] check: {} set: owner: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [model_id, name, associated_activity_type, arguments] check: {} set: owner: "x-hasura-user-id" update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [model_id, name, associated_activity_type, arguments, owner] filter: {} - - role: user + - role: 2-user permission: columns: [name, arguments, owner] filter: {"owner":{"_eq":"X-Hasura-User-Id"}} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"owner":{"_eq":"X-Hasura-User-Id"}} diff --git a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/anchor_validation_status.yaml b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/anchor_validation_status.yaml index ee30421f82..5fe6df2a01 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/anchor_validation_status.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/anchor_validation_status.yaml @@ -4,22 +4,22 @@ table: configuration: custom_name: "anchor_validation_status" select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/preset_to_directive.yaml b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/preset_to_directive.yaml index 5b797047be..1f329b3ceb 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/preset_to_directive.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/preset_to_directive.yaml @@ -13,31 +13,31 @@ object_relationships: using: foreign_key_constraint_on: preset_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' check: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"directive_applied_to":{"plan":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}}} # Insert/Update are controlled via a SQL function diff --git a/deployment/hasura/metadata/databases/tables/merlin/activity_type.yaml b/deployment/hasura/metadata/databases/tables/merlin/activity_type.yaml index 01681ca599..26839479ef 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/activity_type.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/activity_type.yaml @@ -26,32 +26,32 @@ array_relationships: name: expansion_rule schema: sequencing select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [model_id, name, parameters, required_parameters, computed_attributes_value_schema, subsystem] check: {} update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [model_id, name, parameters, required_parameters, computed_attributes_value_schema, subsystem] filter: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_definition.yaml b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_definition.yaml index 7f4625e416..99987e3f21 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_definition.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_definition.yaml @@ -36,12 +36,12 @@ array_relationships: name: constraint_definition_tags schema: tags select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' # Select is allowed if: @@ -61,7 +61,7 @@ select_permissions: {"owner":{"_eq":"X-Hasura-User-Id"}}, {"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}}]}}}]}} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {"metadata": {"_or":[ @@ -73,28 +73,28 @@ select_permissions: {"models_using":{"model":{"owner":{"_eq":"X-Hasura-User-Id"}}}}]}} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [constraint_id, definition, type, uploaded_jar_id] check: {} set: author: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [constraint_id, definition, type, uploaded_jar_id] check: {"_or":[{"metadata":{"public":{"_eq":true}}},{"metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}}]} set: author: "x-hasura-user-id" update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [definition, author] filter: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"_or":[ diff --git a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_metadata.yaml b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_metadata.yaml index f147f89668..20085990c8 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_metadata.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_metadata.yaml @@ -33,12 +33,12 @@ array_relationships: name: constraint_specification schema: merlin select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' # Select is allowed if: @@ -58,7 +58,7 @@ select_permissions: {"owner":{"_eq":"X-Hasura-User-Id"}}, {"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}}]}}}]} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {"_or":[ @@ -70,14 +70,14 @@ select_permissions: {"models_using":{"model":{"owner":{"_eq":"X-Hasura-User-Id"}}}}]} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [name, description, public] check: {} set: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [name, description, public] check: {} @@ -85,13 +85,13 @@ insert_permissions: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [name, description, public, owner] filter: {} set: updated_by: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [name, description, public, owner] filter: { "owner": { "_eq": "X-Hasura-User-Id" } } @@ -99,9 +99,9 @@ update_permissions: set: updated_by: "x-hasura-user-id" delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: { "owner": {"_eq": "X-Hasura-User-Id"} } diff --git a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_model_specification.yaml b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_model_specification.yaml index 62b7c96c51..af81e2e1be 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_model_specification.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_model_specification.yaml @@ -19,27 +19,27 @@ object_relationships: - constraint_id - constraint_revision select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [model_id, constraint_id, constraint_revision, priority, arguments] check: {} - - role: user + - role: 2-user permission: columns: [model_id, constraint_id, constraint_revision, priority, arguments] check: { "_and": [ @@ -47,18 +47,18 @@ insert_permissions: { "constraint_metadata": { "_or": [ { "public": { "_eq": true } }, { "owner": { "_eq": "X-Hasura-User-Id" } } ] } } ] } update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [constraint_revision, priority, arguments] filter: {} - - role: user + - role: 2-user permission: columns: [constraint_revision, priority, arguments] filter: {"model": {"owner": {"_eq": "X-Hasura-User-Id"}}} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"model": {"owner": {"_eq": "X-Hasura-User-Id"}}} diff --git a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_request.yaml b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_request.yaml index bb5fb1740a..57eb52d410 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_request.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_request.yaml @@ -19,22 +19,22 @@ array_relationships: name: constraint_run schema: merlin select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_results.yaml b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_results.yaml index 41d52902b5..f2121e9da8 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_results.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_results.yaml @@ -30,22 +30,22 @@ array_relationships: name: constraint_run schema: merlin select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_run.yaml b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_run.yaml index 579f6560cd..6fa7caffa8 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_run.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_run.yaml @@ -17,22 +17,22 @@ object_relationships: using: foreign_key_constraint_on: constraint_results_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_specification.yaml b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_specification.yaml index 00663f278f..14331dda6b 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_specification.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_specification.yaml @@ -27,27 +27,27 @@ array_relationships: name: constraint_run schema: merlin select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [plan_id, constraint_id, constraint_revision, enabled, arguments, priority] check: {} - - role: user + - role: 2-user permission: columns: [plan_id, constraint_id, constraint_revision, enabled, arguments, priority] check: { "_and": [ @@ -59,18 +59,18 @@ insert_permissions: { "owner": { "_eq": "X-Hasura-User-Id" } }, { "models_using": { "model": { "plans": { "id": { "_ceq": ["$","plan_id"] } } } } } ] } } ] } update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [constraint_revision, enabled, arguments, priority] filter: {} - - role: user + - role: 2-user permission: columns: [constraint_revision, enabled, arguments, priority] filter: { "plan": { "_or": [ { "owner": { "_eq": "X-Hasura-User-Id" } },{ "collaborators": { "collaborator": { "_eq": "X-Hasura-User-Id" }}}]}} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: { "plan": { "_or": [ { "owner": { "_eq": "X-Hasura-User-Id" } },{ "collaborators": { "collaborator": { "_eq": "X-Hasura-User-Id" }}}]}} diff --git a/deployment/hasura/metadata/databases/tables/merlin/dataset/dataset.yaml b/deployment/hasura/metadata/databases/tables/merlin/dataset/dataset.yaml index 5e77a14ee6..3f48abf1dc 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/dataset/dataset.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/dataset/dataset.yaml @@ -28,27 +28,27 @@ array_relationships: name: topic schema: merlin select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [revision] check: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/dataset/event.yaml b/deployment/hasura/metadata/databases/tables/merlin/dataset/event.yaml index 9d590fadc2..7786b43fe1 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/dataset/event.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/dataset/event.yaml @@ -4,22 +4,22 @@ table: configuration: custom_name: "event" select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/dataset/profile.yaml b/deployment/hasura/metadata/databases/tables/merlin/dataset/profile.yaml index 5a3d7e7669..52df789329 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/dataset/profile.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/dataset/profile.yaml @@ -14,22 +14,22 @@ array_relationships: id: profile_id dataset_id: dataset_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/dataset/profile_segment.yaml b/deployment/hasura/metadata/databases/tables/merlin/dataset/profile_segment.yaml index 922353a11e..499a012823 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/dataset/profile_segment.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/dataset/profile_segment.yaml @@ -4,22 +4,22 @@ table: configuration: custom_name: "profile_segment" select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/dataset/resource_profile_view.yaml b/deployment/hasura/metadata/databases/tables/merlin/dataset/resource_profile_view.yaml index 481cb08615..ae880ecf42 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/dataset/resource_profile_view.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/dataset/resource_profile_view.yaml @@ -21,22 +21,22 @@ object_relationships: column_mapping: profile_id: id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/dataset/span.yaml b/deployment/hasura/metadata/databases/tables/merlin/dataset/span.yaml index 95bd612db3..49293ede77 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/dataset/span.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/dataset/span.yaml @@ -26,22 +26,22 @@ array_relationships: name: span schema: merlin select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/dataset/topic.yaml b/deployment/hasura/metadata/databases/tables/merlin/dataset/topic.yaml index 93289e072b..60ed04b58a 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/dataset/topic.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/dataset/topic.yaml @@ -14,22 +14,22 @@ array_relationships: dataset_id: dataset_id topic_index: topic_index select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/derivation_group.yaml b/deployment/hasura/metadata/databases/tables/merlin/derivation_group.yaml index 295485faf3..ddfb54cf36 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/derivation_group.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/derivation_group.yaml @@ -25,38 +25,38 @@ array_relationships: column_mapping: name: derivation_group_name select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [name, source_type_name] check: {} set: owner: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [name, source_type_name] check: {} set: owner: "x-hasura-user-id" delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"owner":{"_eq":"x-hasura-user-id"}} diff --git a/deployment/hasura/metadata/databases/tables/merlin/derived_events.yaml b/deployment/hasura/metadata/databases/tables/merlin/derived_events.yaml index bf2c3a87ef..04e56334c0 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/derived_events.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/derived_events.yaml @@ -25,17 +25,17 @@ object_relationships: source_key: source_key derivation_group_name: derivation_group_name select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/external_event.yaml b/deployment/hasura/metadata/databases/tables/merlin/external_event.yaml index 7e43df502f..9449d6ea0b 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/external_event.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/external_event.yaml @@ -13,31 +13,31 @@ object_relationships: using: foreign_key_constraint_on: event_type_name select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [key, event_type_name, source_key, derivation_group_name, start_time, duration, attributes] check: {} - - role: user + - role: 2-user permission: columns: [key, event_type_name, source_key, derivation_group_name, start_time, duration, attributes] check: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/external_event_type.yaml b/deployment/hasura/metadata/databases/tables/merlin/external_event_type.yaml index a3f6abde05..7c01158b98 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/external_event_type.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/external_event_type.yaml @@ -12,27 +12,27 @@ array_relationships: name: external_event schema: merlin select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [name, attribute_schema] check: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/external_source.yaml b/deployment/hasura/metadata/databases/tables/merlin/external_source.yaml index ba226b0376..75d9c73c95 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/external_source.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/external_source.yaml @@ -21,39 +21,39 @@ object_relationships: using: foreign_key_constraint_on: derivation_group_name select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [key, source_type_name, valid_at, start_time, end_time, derivation_group_name, created_at, attributes] check: {} set: owner: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [key, source_type_name, valid_at, start_time, end_time, derivation_group_name, created_at, attributes] check: {} set: owner: "x-hasura-user-id" delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: { "_or": [ diff --git a/deployment/hasura/metadata/databases/tables/merlin/external_source_type.yaml b/deployment/hasura/metadata/databases/tables/merlin/external_source_type.yaml index 26d7f15195..38a2442094 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/external_source_type.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/external_source_type.yaml @@ -19,27 +19,27 @@ array_relationships: name: derivation_group schema: merlin select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [name, attribute_schema] check: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/merging/conflicting_activities.yaml b/deployment/hasura/metadata/databases/tables/merlin/merging/conflicting_activities.yaml index a6bcec71ea..5d6c3c5bb7 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/merging/conflicting_activities.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/merging/conflicting_activities.yaml @@ -8,27 +8,27 @@ object_relationships: using: foreign_key_constraint_on: merge_request_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [resolution] filter: {} - - role: user + - role: 2-user permission: columns: [resolution] filter: {"merge_request":{"plan_receiving_changes":{"owner":{"_eq":"X-Hasura-User-Id"}}}} diff --git a/deployment/hasura/metadata/databases/tables/merlin/merging/merge_request.yaml b/deployment/hasura/metadata/databases/tables/merlin/merging/merge_request.yaml index fc3717d342..9043d7f5db 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/merging/merge_request.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/merging/merge_request.yaml @@ -45,23 +45,23 @@ array_relationships: name: merge_staging_area schema: merlin select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true # Insert/Update Permissions are not included because these actions are controlled via SQL functions delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {"status":{"_neq":"in-progress"}} diff --git a/deployment/hasura/metadata/databases/tables/merlin/merging/merge_request_comment.yaml b/deployment/hasura/metadata/databases/tables/merlin/merging/merge_request_comment.yaml index 0eeea2fe4f..f2329b9bf2 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/merging/merge_request_comment.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/merging/merge_request_comment.yaml @@ -8,29 +8,29 @@ object_relationships: using: foreign_key_constraint_on: merge_request_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [merge_request_id, comment_text] check: {} set: commenter_username: 'x-hasura-user-id' - - role: user + - role: 2-user permission: columns: [merge_request_id, comment_text] check: {"merge_request": @@ -46,18 +46,18 @@ insert_permissions: set: commenter_username: 'x-hasura-user-id' update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [merge_request_id, commenter_username, comment_text] filter: {} - - role: user + - role: 2-user permission: columns: [comment_text] filter: {"commenter_username":{"_eq":"X-Hasura-User-Id"}} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"commenter_username":{"_eq":"X-Hasura-User-Id"}} diff --git a/deployment/hasura/metadata/databases/tables/merlin/merging/merge_staging_area.yaml b/deployment/hasura/metadata/databases/tables/merlin/merging/merge_staging_area.yaml index cbe6b75734..e642b23bc1 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/merging/merge_staging_area.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/merging/merge_staging_area.yaml @@ -8,17 +8,17 @@ object_relationships: using: foreign_key_constraint_on: merge_request_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/mission_model.yaml b/deployment/hasura/metadata/databases/tables/merlin/mission_model.yaml index 989c391a9e..747f55ab67 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/mission_model.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/mission_model.yaml @@ -85,35 +85,35 @@ array_relationships: column_mapping: id: model_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: "*" filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: "*" filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: "*" filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [mission, name, version, description, jar_id, default_view_id] check: {} set: owner: "x-hasura-user-id" update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [mission, name, version, description, owner, default_view_id] filter: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/mission_model_parameters.yaml b/deployment/hasura/metadata/databases/tables/merlin/mission_model_parameters.yaml index 0391723e78..5d1e694d00 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/mission_model_parameters.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/mission_model_parameters.yaml @@ -4,26 +4,26 @@ table: configuration: custom_name: "mission_model_parameters" select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [parameters] filter: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/plan.yaml b/deployment/hasura/metadata/databases/tables/merlin/plan.yaml index a29f047350..3785d87275 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/plan.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/plan.yaml @@ -68,30 +68,30 @@ array_relationships: name: plan schema: merlin select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [name, duration, model_id, parent_id, start_time, description] check: {} set: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [name, duration, model_id, parent_id, start_time, description] check: {} @@ -99,22 +99,22 @@ insert_permissions: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [name, owner, duration, model_id, parent_id, start_time, description] filter: {} set: updated_by: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [name, owner, description] filter: {"owner":{"_eq":"X-Hasura-User-Id"}} set: updated_by: "x-hasura-user-id" delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"owner":{"_eq":"X-Hasura-User-Id"}} diff --git a/deployment/hasura/metadata/databases/tables/merlin/plan_collaborators.yaml b/deployment/hasura/metadata/databases/tables/merlin/plan_collaborators.yaml index b5b9db95c1..6e22b49a02 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/plan_collaborators.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/plan_collaborators.yaml @@ -8,34 +8,34 @@ object_relationships: using: foreign_key_constraint_on: plan_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [plan_id, collaborator] check: {} - - role: user + - role: 2-user permission: columns: [plan_id, collaborator] check: {"plan":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"plan":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}} diff --git a/deployment/hasura/metadata/databases/tables/merlin/plan_dataset.yaml b/deployment/hasura/metadata/databases/tables/merlin/plan_dataset.yaml index 5b178046c4..5bc3ae7a62 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/plan_dataset.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/plan_dataset.yaml @@ -11,26 +11,26 @@ object_relationships: using: foreign_key_constraint_on: plan_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"plan":{"owner":{"_eq":"X-Hasura-User-Id"}}} # Uploading/Extending is controlled via an action diff --git a/deployment/hasura/metadata/databases/tables/merlin/plan_derivation_group.yaml b/deployment/hasura/metadata/databases/tables/merlin/plan_derivation_group.yaml index 24bea9254c..d36c57fcae 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/plan_derivation_group.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/plan_derivation_group.yaml @@ -11,27 +11,27 @@ object_relationships: using: foreign_key_constraint_on: derivation_group_name select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [plan_id, derivation_group_name] check: {} - - role: user + - role: 2-user permission: columns: [plan_id, derivation_group_name] check: { @@ -47,11 +47,11 @@ insert_permissions: } } update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [ acknowledged ] filter: {} - - role: user + - role: 2-user permission: columns: [ acknowledged ] filter: { @@ -67,10 +67,10 @@ update_permissions: } } delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: { "plan": { diff --git a/deployment/hasura/metadata/databases/tables/merlin/resource_type.yaml b/deployment/hasura/metadata/databases/tables/merlin/resource_type.yaml index 1c6326de79..8bef0ee9a7 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/resource_type.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/resource_type.yaml @@ -4,22 +4,22 @@ table: configuration: custom_name: "resource_type" select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/simulation/simulated_activity_view.yaml b/deployment/hasura/metadata/databases/tables/merlin/simulation/simulated_activity_view.yaml index bf0bd9179e..e5611b604e 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/simulation/simulated_activity_view.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/simulation/simulated_activity_view.yaml @@ -30,17 +30,17 @@ object_relationships: column_mapping: directive_id: id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation.yaml b/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation.yaml index 028f9215d9..4b36dd8649 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation.yaml @@ -26,32 +26,32 @@ array_relationships: name: simulation_dataset schema: merlin select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [simulation_template_id, arguments, simulation_start_time, simulation_end_time] filter: {} - - role: user + - role: 2-user permission: columns: [simulation_template_id, arguments, simulation_start_time, simulation_end_time] filter: {"plan":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}} # Insert/Delete are handled via Postgres Triggers delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_dataset.yaml b/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_dataset.yaml index e45641a8c7..f44b35027d 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_dataset.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_dataset.yaml @@ -35,35 +35,35 @@ array_relationships: name: constraint_request schema: merlin select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [requested_by, canceled] filter: {} - - role: user + - role: 2-user permission: columns: [canceled] filter: {"simulation":{"plan":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}}} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"simulation":{"plan":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}}} # Insert is handled via Aerie Merlin diff --git a/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_extent.yaml b/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_extent.yaml index 8d1ac095d9..689de32539 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_extent.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_extent.yaml @@ -4,22 +4,22 @@ table: configuration: custom_name: "simulation_extent" select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_template.yaml b/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_template.yaml index 635290e7f7..734b90918b 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_template.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_template.yaml @@ -8,47 +8,47 @@ object_relationships: using: foreign_key_constraint_on: model_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [model_id, description, arguments] check: {} set: owner: 'x-hasura-user-id' - - role: user + - role: 2-user permission: columns: [model_id, description, arguments] check: {} set: owner: 'x-hasura-user-id' update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [model_id, description, arguments, owner] filter: {} - - role: user + - role: 2-user permission: columns: [description, arguments, owner] filter: {"owner":{"_eq":"X-Hasura-User-Id"}} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"owner":{"_eq":"X-Hasura-User-Id"}} diff --git a/deployment/hasura/metadata/databases/tables/merlin/snapshot/plan_snapshot.yaml b/deployment/hasura/metadata/databases/tables/merlin/snapshot/plan_snapshot.yaml index 0f5f90eb1e..85834f4550 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/snapshot/plan_snapshot.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/snapshot/plan_snapshot.yaml @@ -23,33 +23,33 @@ array_relationships: name: plan_snapshot_tags schema: tags select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [description, taken_by] filter: {} - - role: user + - role: 2-user permission: columns: [description] filter: {"plan":{"_or":[ {"owner":{"_eq":"X-Hasura-User-Id"}}, {"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/snapshot/plan_snapshot_activities.yaml b/deployment/hasura/metadata/databases/tables/merlin/snapshot/plan_snapshot_activities.yaml index cd33ee83d6..61a7bf396d 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/snapshot/plan_snapshot_activities.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/snapshot/plan_snapshot_activities.yaml @@ -18,22 +18,22 @@ array_relationships: name: snapshot_activity_tags schema: tags select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/snapshot/preset_to_snapshot_directive.yaml b/deployment/hasura/metadata/databases/tables/merlin/snapshot/preset_to_snapshot_directive.yaml index fdad54a195..d1420f07be 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/snapshot/preset_to_snapshot_directive.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/snapshot/preset_to_snapshot_directive.yaml @@ -13,22 +13,22 @@ object_relationships: using: foreign_key_constraint_on: preset_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/uploaded_file.yaml b/deployment/hasura/metadata/databases/tables/merlin/uploaded_file.yaml index 12a675b2b4..a37ba3199d 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/uploaded_file.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/uploaded_file.yaml @@ -4,22 +4,22 @@ table: configuration: custom_name: "uploaded_file" select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/migrations/applied_migrations_view.yaml b/deployment/hasura/metadata/databases/tables/migrations/applied_migrations_view.yaml index 2ede6993f7..1e862cf2ad 100644 --- a/deployment/hasura/metadata/databases/tables/migrations/applied_migrations_view.yaml +++ b/deployment/hasura/metadata/databases/tables/migrations/applied_migrations_view.yaml @@ -4,7 +4,7 @@ table: configuration: custom_name: "applied_migrations" select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/permissions/user_role_permission.yaml b/deployment/hasura/metadata/databases/tables/permissions/user_role_permission.yaml index 2d44b641bd..ef7c5b2663 100644 --- a/deployment/hasura/metadata/databases/tables/permissions/user_role_permission.yaml +++ b/deployment/hasura/metadata/databases/tables/permissions/user_role_permission.yaml @@ -4,28 +4,28 @@ table: configuration: custom_name: "user_role_permission" select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [role, action_permissions, function_permissions] check: {} update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [action_permissions, function_permissions] filter: {} diff --git a/deployment/hasura/metadata/databases/tables/permissions/user_roles.yaml b/deployment/hasura/metadata/databases/tables/permissions/user_roles.yaml index d7bcbdbfc9..1de8863241 100644 --- a/deployment/hasura/metadata/databases/tables/permissions/user_roles.yaml +++ b/deployment/hasura/metadata/databases/tables/permissions/user_roles.yaml @@ -5,33 +5,33 @@ configuration: custom_name: "user_roles" is_enum: true select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [role, description] check: {"role":{"_neq":"admin"}} update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [role, description] filter: {} check: {"role":{"_neq":"admin"}} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/permissions/users_allowed_roles.yaml b/deployment/hasura/metadata/databases/tables/permissions/users_allowed_roles.yaml index 8d983b8b34..4c6416dd9d 100644 --- a/deployment/hasura/metadata/databases/tables/permissions/users_allowed_roles.yaml +++ b/deployment/hasura/metadata/databases/tables/permissions/users_allowed_roles.yaml @@ -4,32 +4,32 @@ table: configuration: custom_name: "users_allowed_roles" select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {"username":{"_eq":"X-Hasura-User-Id"}} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {"username":{"_eq":"X-Hasura-User-Id"}} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [username, allowed_role] check: {} update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [username, allowed_role] filter: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/permissions/users_and_roles_view.yaml b/deployment/hasura/metadata/databases/tables/permissions/users_and_roles_view.yaml index f586c33fb9..2f4ce941fd 100644 --- a/deployment/hasura/metadata/databases/tables/permissions/users_and_roles_view.yaml +++ b/deployment/hasura/metadata/databases/tables/permissions/users_and_roles_view.yaml @@ -4,17 +4,17 @@ table: configuration: custom_name: "users_and_roles" select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {"username":{"_eq":"X-Hasura-User-Id"}} allow_aggregations: false - - role: viewer + - role: 3-user permission: columns: '*' filter: { "username": { "_eq": "X-Hasura-User-Id" } } diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_condition_definition.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_condition_definition.yaml index de59117702..d16552c42a 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_condition_definition.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_condition_definition.yaml @@ -36,45 +36,45 @@ array_relationships: name: scheduling_specification_conditions schema: scheduler select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' # This should have filtering based on privacy, but cross-database permissions restrictions prevent that filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [condition_id, definition] check: {} set: author: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [condition_id, definition] check: {"_or":[{"metadata":{"public":{"_eq":true}}},{"metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}}]} set: author: "x-hasura-user-id" update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [definition, author] filter: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"_or":[ diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_condition_metadata.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_condition_metadata.yaml index ed57446b04..e7e0ddaff6 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_condition_metadata.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_condition_metadata.yaml @@ -33,31 +33,31 @@ array_relationships: name: scheduling_specification_conditions schema: scheduler select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' # This should have filtering based on privacy, but cross-database permissions restrictions prevent that filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [name, description, public] check: {} set: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [name, description, public] check: {} @@ -65,22 +65,22 @@ insert_permissions: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [name, description, public, owner] filter: {} set: updated_by: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [name, description, public, owner] filter: { "owner": { "_eq": "X-Hasura-User-Id" } } set: updated_by: "x-hasura-user-id" delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: { "owner": { "_eq": "X-Hasura-User-Id" } } diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_goal_definition.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_goal_definition.yaml index 882da9524a..8e9462dffb 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_goal_definition.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_goal_definition.yaml @@ -48,45 +48,45 @@ array_relationships: name: scheduling_specification_goals schema: scheduler select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' # This should have filtering based on privacy, but cross-database permissions restrictions prevent that filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [goal_id, definition, type, uploaded_jar_id, parameter_schema] check: {} set: author: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [goal_id, definition, type, uploaded_jar_id, parameter_schema] check: {"_or":[{"metadata":{"public":{"_eq":true}}},{"metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}}]} set: author: "x-hasura-user-id" update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [definition, author] filter: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"_or":[ diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_goal_metadata.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_goal_metadata.yaml index 72c843b18e..9e700e136d 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_goal_metadata.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_goal_metadata.yaml @@ -41,31 +41,31 @@ array_relationships: name: scheduling_specification_goals schema: scheduler select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' # This should have filtering based on privacy, but cross-database permissions restrictions prevent that filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [name, description, public] check: {} set: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [name, description, public] check: {} @@ -73,22 +73,22 @@ insert_permissions: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [name, description, public, owner] filter: {} set: updated_by: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [name, description, public, owner] filter: { "owner": { "_eq": "X-Hasura-User-Id" } } set: updated_by: "x-hasura-user-id" delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: { "owner": { "_eq": "X-Hasura-User-Id" } } diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis.yaml index 5642b0dc8f..a3d0ad92f8 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis.yaml @@ -31,27 +31,27 @@ array_relationships: name: scheduling_goal_analysis_satisfying_activities schema: scheduler select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [satisfied] filter: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis_created_activities.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis_created_activities.yaml index 1a6c3605b2..8aa1e71443 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis_created_activities.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis_created_activities.yaml @@ -13,21 +13,21 @@ object_relationships: - goal_invocation_id - analysis_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis_satisfying_activities.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis_satisfying_activities.yaml index 7c5640a1b8..d530c6c541 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis_satisfying_activities.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis_satisfying_activities.yaml @@ -13,21 +13,21 @@ object_relationships: - goal_invocation_id - analysis_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_request.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_request.yaml index e119d75b0e..33c6041d04 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_request.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_request.yaml @@ -38,35 +38,35 @@ array_relationships: name: simulation_dataset schema: merlin select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true # Inserting/Updating is handled via the AerieScheduler update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [requested_by, canceled] filter: {} - - role: user + - role: 2-user permission: columns: [canceled] filter: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_model_specification_conditions.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_model_specification_conditions.yaml index d509dfd8f0..1b6686972d 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_model_specification_conditions.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_model_specification_conditions.yaml @@ -16,44 +16,44 @@ object_relationships: using: foreign_key_constraint_on: model_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true # TODO: Modify these once we have a solution for cross-db auth (These permissions should be based on model ownership) insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [model_id, condition_id, condition_revision] check: {} - - role: user + - role: 2-user permission: columns: [model_id, condition_id, condition_revision] check: {} update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [condition_revision] filter: {} - - role: user + - role: 2-user permission: columns: [condition_revision] filter: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_model_specification_goals.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_model_specification_goals.yaml index 69e3cb8859..514c06c14d 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_model_specification_goals.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_model_specification_goals.yaml @@ -16,44 +16,44 @@ object_relationships: using: foreign_key_constraint_on: model_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true # TODO: Modify these once we have a solution for cross-db auth (These permissions should be based on model ownership) insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [model_id, goal_id, goal_revision, priority, arguments] check: {} - - role: user + - role: 2-user permission: columns: [model_id, goal_id, goal_revision, priority, arguments] check: {} update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [goal_revision, priority, arguments] filter: {} - - role: user + - role: 2-user permission: columns: [goal_revision, priority, arguments] filter: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification.yaml index d9936c75aa..fd707cd746 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification.yaml @@ -30,44 +30,44 @@ array_relationships: name: scheduling_request schema: scheduler select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true # TODO: Modify these once we have a solution for cross-db auth (These permissions should be based on plan ownership/collaboratorship) insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [plan_id, plan_revision, horizon_start, horizon_end, simulation_arguments, analysis_only] check: {} - - role: user + - role: 2-user permission: columns: [plan_id, plan_revision, horizon_start, horizon_end, simulation_arguments, analysis_only] check: {} update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [plan_id, plan_revision, horizon_start, horizon_end, simulation_arguments, analysis_only] filter: {} - - role: user + - role: 2-user permission: columns: [plan_revision, horizon_start, horizon_end, simulation_arguments, analysis_only] filter: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification_conditions.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification_conditions.yaml index fa3a24863b..599635e2ff 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification_conditions.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification_conditions.yaml @@ -16,44 +16,44 @@ object_relationships: using: foreign_key_constraint_on: specification_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true # TODO: Modify these once we have a solution for cross-db auth (These permissions should be based on plan ownership/collaboratorship) insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [specification_id, condition_id, condition_revision, enabled] check: {} - - role: user + - role: 2-user permission: columns: [specification_id, condition_id, condition_revision, enabled] check: {} update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [condition_revision, enabled] filter: {} - - role: user + - role: 2-user permission: columns: [condition_revision, enabled] filter: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification_goals.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification_goals.yaml index a18ae58fd4..46b03184ae 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification_goals.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification_goals.yaml @@ -16,44 +16,44 @@ object_relationships: using: foreign_key_constraint_on: specification_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true # TODO: Modify these once we have a solution for cross-db auth (These permissions should be based on plan ownership/collaboratorship) insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [specification_id, goal_id, goal_revision, priority, enabled, simulate_after, arguments, goal_invocation_id] check: {} - - role: user + - role: 2-user permission: columns: [specification_id, goal_id, goal_revision, priority, enabled, simulate_after, arguments, goal_invocation_id] check: {} update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [goal_revision, priority, enabled, simulate_after, arguments] filter: {} - - role: user + - role: 2-user permission: columns: [goal_revision, priority, enabled, simulate_after, arguments] filter: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/activity_instance_commands.yaml b/deployment/hasura/metadata/databases/tables/sequencing/activity_instance_commands.yaml index 4f393e17dc..66af0947d2 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/activity_instance_commands.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/activity_instance_commands.yaml @@ -16,22 +16,22 @@ object_relationships: name: span schema: merlin select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/channel_dictionary.yaml b/deployment/hasura/metadata/databases/tables/sequencing/channel_dictionary.yaml index 316cdcdabf..371c6daedd 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/channel_dictionary.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/channel_dictionary.yaml @@ -4,27 +4,27 @@ table: configuration: custom_name: "channel_dictionary" insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: "*" check: { } select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: "*" filter: { } allow_aggregations: true - - role: user + - role: 2-user permission: columns: "*" filter: { } allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: "*" filter: { } allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: { } diff --git a/deployment/hasura/metadata/databases/tables/sequencing/command_dictionary.yaml b/deployment/hasura/metadata/databases/tables/sequencing/command_dictionary.yaml index f0298d6f53..f5dc4117f6 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/command_dictionary.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/command_dictionary.yaml @@ -4,22 +4,22 @@ table: configuration: custom_name: "command_dictionary" select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: "*" filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: "*" filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: "*" filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/expanded_sequences.yaml b/deployment/hasura/metadata/databases/tables/sequencing/expanded_sequences.yaml index 1baed0eab7..afc33e3004 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/expanded_sequences.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/expanded_sequences.yaml @@ -13,22 +13,22 @@ object_relationships: - seq_id - simulation_dataset_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/expanded_templates.yaml b/deployment/hasura/metadata/databases/tables/sequencing/expanded_templates.yaml index efb0652a3c..bd36f5b9df 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/expanded_templates.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/expanded_templates.yaml @@ -14,22 +14,22 @@ object_relationships: foreign_key_constraint_on: - simulation_dataset_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/expansion_rule.yaml b/deployment/hasura/metadata/databases/tables/sequencing/expansion_rule.yaml index d5ed8a0961..b8523cf005 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/expansion_rule.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/expansion_rule.yaml @@ -21,30 +21,30 @@ array_relationships: name: expansion_rule_tags schema: tags select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [name, activity_type, expansion_logic, parcel_id, authoring_mission_model_id, description] check: {} set: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [name, activity_type, expansion_logic, parcel_id, authoring_mission_model_id, description] check: {} @@ -52,23 +52,23 @@ insert_permissions: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [name, activity_type, expansion_logic, parcel_id, authoring_mission_model_id, description, owner] filter: {} set: updated_by: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [name, expansion_logic, description, owner] filter: {"owner":{"_eq":"x-hasura-user-id"}} set: updated_by: "x-hasura-user-id" delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"owner":{"_eq":"x-hasura-user-id"}} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/expansion_run.yaml b/deployment/hasura/metadata/databases/tables/sequencing/expansion_run.yaml index 3070f9495c..63b227eae6 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/expansion_run.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/expansion_run.yaml @@ -26,25 +26,25 @@ array_relationships: name: expanded_sequences schema: sequencing select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/expansion_set.yaml b/deployment/hasura/metadata/databases/tables/sequencing/expansion_set.yaml index ab6b693346..b7fc8952e2 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/expansion_set.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/expansion_set.yaml @@ -28,38 +28,38 @@ array_relationships: column_mapping: id: set_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [name, description, parcel_id, mission_model_id, owner] filter: {} set: updated_by: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [name, description, owner] filter: {} # Restrict to owner when sequencing fills that column set: updated_by: "x-hasura-user-id" delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {} # Restrict to owner when sequencing fills that column diff --git a/deployment/hasura/metadata/databases/tables/sequencing/expansion_set_rule_view.yaml b/deployment/hasura/metadata/databases/tables/sequencing/expansion_set_rule_view.yaml index 9c7ebcb46d..b085d6995b 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/expansion_set_rule_view.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/expansion_set_rule_view.yaml @@ -14,17 +14,17 @@ array_relationships: column_mapping: set_id: id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/expansion_set_to_rule.yaml b/deployment/hasura/metadata/databases/tables/sequencing/expansion_set_to_rule.yaml index 56e257e8b3..7da86cf29f 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/expansion_set_to_rule.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/expansion_set_to_rule.yaml @@ -17,17 +17,17 @@ array_relationships: name: expansion_rule schema: sequencing select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/parameter_dictionary.yaml b/deployment/hasura/metadata/databases/tables/sequencing/parameter_dictionary.yaml index d236261d1f..3d9d89571d 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/parameter_dictionary.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/parameter_dictionary.yaml @@ -4,27 +4,27 @@ table: configuration: custom_name: "parameter_dictionary" insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: "*" check: {} select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: "*" filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: "*" filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: "*" filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/parcel.yaml b/deployment/hasura/metadata/databases/tables/sequencing/parcel.yaml index d22285b1a7..3e0321c40d 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/parcel.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/parcel.yaml @@ -29,23 +29,23 @@ array_relationships: name: expansion_set schema: sequencing select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: "*" filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: "*" filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: "*" filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: "*" check: {} @@ -53,13 +53,13 @@ insert_permissions: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [channel_dictionary_id, command_dictionary_id, name, sequence_adaptation_id, owner] filter: {} set: updated_by: "x-hasura-user-id" delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/parcel_to_parameter_dictionary.yaml b/deployment/hasura/metadata/databases/tables/sequencing/parcel_to_parameter_dictionary.yaml index 2f5317118e..5d96fc4fc3 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/parcel_to_parameter_dictionary.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/parcel_to_parameter_dictionary.yaml @@ -11,27 +11,27 @@ object_relationships: using: foreign_key_constraint_on: parameter_dictionary_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: "*" filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: "*" filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: "*" filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: "*" check: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/rule_expansion_set_view.yaml b/deployment/hasura/metadata/databases/tables/sequencing/rule_expansion_set_view.yaml index 13bd1efbf3..dbf663a280 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/rule_expansion_set_view.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/rule_expansion_set_view.yaml @@ -14,17 +14,17 @@ array_relationships: column_mapping: rule_id: id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/sequence.yaml b/deployment/hasura/metadata/databases/tables/sequencing/sequence.yaml index ecbda13a14..6899d5d54c 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/sequence.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/sequence.yaml @@ -18,39 +18,39 @@ array_relationships: name: sequence_to_simulated_activity schema: sequencing select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [seq_id, simulation_dataset_id, created_at, metadata] check: {} - - role: user + - role: 2-user permission: columns: [seq_id, simulation_dataset_id, created_at, metadata] check: {} update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [metadata] filter: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/sequence_adaptation.yaml b/deployment/hasura/metadata/databases/tables/sequencing/sequence_adaptation.yaml index be4d29f1c0..de04ea4d07 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/sequence_adaptation.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/sequence_adaptation.yaml @@ -4,23 +4,23 @@ table: configuration: custom_name: "sequence_adaptation" select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: "*" filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: "*" filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: "*" filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [adaptation, name] check: {} @@ -28,13 +28,13 @@ insert_permissions: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [adaptation, name, owner] filter: {} set: updated_by: "x-hasura-user-id" delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/sequence_filter.yaml b/deployment/hasura/metadata/databases/tables/sequencing/sequence_filter.yaml index 68161d1a8f..ceba637a6f 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/sequence_filter.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/sequence_filter.yaml @@ -8,39 +8,39 @@ object_relationships: using: foreign_key_constraint_on: model_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [filter, model_id, name] check: {} - - role: user + - role: 2-user permission: columns: [filter, model_id, name] check: {} update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [filter, name] filter: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/sequence_template.yaml b/deployment/hasura/metadata/databases/tables/sequencing/sequence_template.yaml index 2c61acef33..5aa6dd28bf 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/sequence_template.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/sequence_template.yaml @@ -4,47 +4,47 @@ table: configuration: custom_name: "sequence_template" select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [name, model_id, parcel_id, template_definition, activity_type, language, owner] check: {} set: owner: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [name, model_id, parcel_id, template_definition, activity_type, language, owner] check: {} set: owner: "x-hasura-user-id" update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [name, model_id, parcel_id, template_definition, activity_type, language, owner] filter: {} - - role: user + - role: 2-user permission: columns: [name, model_id, parcel_id, template_definition, activity_type, language, owner] filter: {"owner":{"_eq":"x-hasura-user-id"}} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"owner":{"_eq":"x-hasura-user-id"}} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/sequence_to_simulated_activity.yaml b/deployment/hasura/metadata/databases/tables/sequencing/sequence_to_simulated_activity.yaml index 9d2296aa07..9e336c272d 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/sequence_to_simulated_activity.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/sequence_to_simulated_activity.yaml @@ -17,43 +17,43 @@ object_relationships: name: simulated_activity schema: merlin select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [simulated_activity_id, simulation_dataset_id, seq_id] check: {} - - role: user + - role: 2-user permission: columns: [simulated_activity_id, simulation_dataset_id, seq_id] check: {} update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [simulated_activity_id, simulation_dataset_id, seq_id] filter: {} - - role: user + - role: 2-user permission: columns: [simulated_activity_id, simulation_dataset_id, seq_id] filter: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/workspace.yaml b/deployment/hasura/metadata/databases/tables/sequencing/workspace.yaml index 26ee11b3e7..e599d90199 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/workspace.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/workspace.yaml @@ -23,29 +23,29 @@ array_relationships: name: action_definition schema: actions select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [name, owner, parcel_id] filter: {} set: updated_by: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [name, owner, parcel_id] filter: { "owner": { "_eq": "x-hasura-user-id" } } diff --git a/deployment/hasura/metadata/databases/tables/sequencing/workspace_collaborators.yaml b/deployment/hasura/metadata/databases/tables/sequencing/workspace_collaborators.yaml index 321367cba2..48f98fc6a9 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/workspace_collaborators.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/workspace_collaborators.yaml @@ -8,34 +8,34 @@ object_relationships: using: foreign_key_constraint_on: workspace_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [workspace_id, collaborator] check: {} - - role: user + - role: 2-user permission: columns: [workspace_id, collaborator] check: {"workspace":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"workspace":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}} diff --git a/deployment/hasura/metadata/databases/tables/tags/activity_directive_tags.yaml b/deployment/hasura/metadata/databases/tables/tags/activity_directive_tags.yaml index c506e2bd50..cdc6ac33d0 100644 --- a/deployment/hasura/metadata/databases/tables/tags/activity_directive_tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/activity_directive_tags.yaml @@ -11,34 +11,34 @@ object_relationships: using: foreign_key_constraint_on: tag_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [plan_id, directive_id, tag_id] check: {} - - role: user + - role: 2-user permission: columns: [plan_id, directive_id, tag_id] check: {"activity_directive": {"plan":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}}} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"activity_directive": {"plan":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}}} diff --git a/deployment/hasura/metadata/databases/tables/tags/constraint_definition_tags.yaml b/deployment/hasura/metadata/databases/tables/tags/constraint_definition_tags.yaml index 291fe991a7..bd5311f9bd 100644 --- a/deployment/hasura/metadata/databases/tables/tags/constraint_definition_tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/constraint_definition_tags.yaml @@ -13,37 +13,37 @@ object_relationships: using: foreign_key_constraint_on: tag_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [constraint_id, constraint_revision, tag_id] check: {} - - role: user + - role: 2-user permission: columns: [constraint_id, constraint_revision, tag_id] check: {"constraint_definition":{"_or":[ {"author":{"_eq":"X-Hasura-User-Id"}}, {"metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}}]}} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"constraint_definition":{"_or":[ {"author":{"_eq":"X-Hasura-User-Id"}}, diff --git a/deployment/hasura/metadata/databases/tables/tags/constraint_tags.yaml b/deployment/hasura/metadata/databases/tables/tags/constraint_tags.yaml index 933d735e11..e7929da7e2 100644 --- a/deployment/hasura/metadata/databases/tables/tags/constraint_tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/constraint_tags.yaml @@ -11,34 +11,34 @@ object_relationships: using: foreign_key_constraint_on: tag_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [constraint_id, tag_id] check: {} - - role: user + - role: 2-user permission: columns: [constraint_id, tag_id] check: {"constraint_metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"constraint_metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}} diff --git a/deployment/hasura/metadata/databases/tables/tags/expansion_rule_tags.yaml b/deployment/hasura/metadata/databases/tables/tags/expansion_rule_tags.yaml index 5de9ea4251..9654d4adb4 100644 --- a/deployment/hasura/metadata/databases/tables/tags/expansion_rule_tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/expansion_rule_tags.yaml @@ -11,34 +11,34 @@ object_relationships: using: foreign_key_constraint_on: tag_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [rule_id, tag_id] check: {} - - role: user + - role: 2-user permission: columns: [rule_id, tag_id] check: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/tags/plan_snapshot_tags.yaml b/deployment/hasura/metadata/databases/tables/tags/plan_snapshot_tags.yaml index 2db49da21c..6b23b1081c 100644 --- a/deployment/hasura/metadata/databases/tables/tags/plan_snapshot_tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/plan_snapshot_tags.yaml @@ -11,37 +11,37 @@ object_relationships: using: foreign_key_constraint_on: tag_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [snapshot_id, tag_id] check: {} - - role: user + - role: 2-user permission: columns: [snapshot_id, tag_id] check: {"plan_snapshot":{"plan":{"_or":[ {"owner":{"_eq":"X-Hasura-User-Id"}}, {"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}}} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"plan_snapshot":{"plan":{"_or":[ {"owner":{"_eq":"X-Hasura-User-Id"}}, diff --git a/deployment/hasura/metadata/databases/tables/tags/plan_tags.yaml b/deployment/hasura/metadata/databases/tables/tags/plan_tags.yaml index c9ab4b62ce..2d9beb1290 100644 --- a/deployment/hasura/metadata/databases/tables/tags/plan_tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/plan_tags.yaml @@ -11,34 +11,34 @@ object_relationships: using: foreign_key_constraint_on: tag_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [plan_id, tag_id] check: {} - - role: user + - role: 2-user permission: columns: [plan_id, tag_id] check: {"plan": {"owner":{"_eq":"X-Hasura-User-Id"}}} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"plan": {"owner":{"_eq":"X-Hasura-User-Id"}}} diff --git a/deployment/hasura/metadata/databases/tables/tags/scheduling_condition_definition_tags.yaml b/deployment/hasura/metadata/databases/tables/tags/scheduling_condition_definition_tags.yaml index 6e49a2efbe..6156512e34 100644 --- a/deployment/hasura/metadata/databases/tables/tags/scheduling_condition_definition_tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/scheduling_condition_definition_tags.yaml @@ -13,37 +13,37 @@ object_relationships: using: foreign_key_constraint_on: tag_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [condition_id, condition_revision, tag_id] check: {} - - role: user + - role: 2-user permission: columns: [condition_id, condition_revision, tag_id] check: {"condition_definition":{"_or":[ {"author":{"_eq":"X-Hasura-User-Id"}}, {"metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}}]}} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"condition_definition":{"_or":[ {"author":{"_eq":"X-Hasura-User-Id"}}, diff --git a/deployment/hasura/metadata/databases/tables/tags/scheduling_condition_tags.yaml b/deployment/hasura/metadata/databases/tables/tags/scheduling_condition_tags.yaml index de03b68035..b63764fc75 100644 --- a/deployment/hasura/metadata/databases/tables/tags/scheduling_condition_tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/scheduling_condition_tags.yaml @@ -11,34 +11,34 @@ object_relationships: using: foreign_key_constraint_on: tag_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [condition_id, tag_id] check: {} - - role: user + - role: 2-user permission: columns: [condition_id, tag_id] check: {"condition_metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"condition_metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}} diff --git a/deployment/hasura/metadata/databases/tables/tags/scheduling_goal_definition_tags.yaml b/deployment/hasura/metadata/databases/tables/tags/scheduling_goal_definition_tags.yaml index 1e0cd51906..7bcedaccac 100644 --- a/deployment/hasura/metadata/databases/tables/tags/scheduling_goal_definition_tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/scheduling_goal_definition_tags.yaml @@ -13,37 +13,37 @@ object_relationships: using: foreign_key_constraint_on: tag_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [goal_id, goal_revision, tag_id] check: {} - - role: user + - role: 2-user permission: columns: [goal_id, goal_revision, tag_id] check: {"goal_definition":{"_or":[ {"author":{"_eq":"X-Hasura-User-Id"}}, {"metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}}]}} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"goal_definition":{"_or":[ {"author":{"_eq":"X-Hasura-User-Id"}}, diff --git a/deployment/hasura/metadata/databases/tables/tags/scheduling_goal_tags.yaml b/deployment/hasura/metadata/databases/tables/tags/scheduling_goal_tags.yaml index 000d8d8202..723dc0c1d8 100644 --- a/deployment/hasura/metadata/databases/tables/tags/scheduling_goal_tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/scheduling_goal_tags.yaml @@ -11,34 +11,34 @@ object_relationships: using: foreign_key_constraint_on: tag_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [goal_id, tag_id] check: {} - - role: user + - role: 2-user permission: columns: [goal_id, tag_id] check: {"goal_metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"goal_metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}} diff --git a/deployment/hasura/metadata/databases/tables/tags/snapshot_activity_tags.yaml b/deployment/hasura/metadata/databases/tables/tags/snapshot_activity_tags.yaml index 29a331e901..86c89d6d18 100644 --- a/deployment/hasura/metadata/databases/tables/tags/snapshot_activity_tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/snapshot_activity_tags.yaml @@ -11,22 +11,22 @@ object_relationships: using: foreign_key_constraint_on: tag_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/tags/tags.yaml b/deployment/hasura/metadata/databases/tables/tags/tags.yaml index a37bf51012..d6d7296b80 100644 --- a/deployment/hasura/metadata/databases/tables/tags/tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/tags.yaml @@ -4,47 +4,47 @@ table: configuration: custom_name: "tags" select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [name, color] check: {} set: owner: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [name, color] check: {} set: owner: "x-hasura-user-id" update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [name, color, owner] filter: {} - - role: user + - role: 2-user permission: columns: [name, color, owner] filter: {"owner":{"_eq":"X-Hasura-User-Id"}} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"owner":{"_eq":"X-Hasura-User-Id"}} diff --git a/deployment/hasura/metadata/databases/tables/ui/extension_roles.yaml b/deployment/hasura/metadata/databases/tables/ui/extension_roles.yaml index cd85072e13..bae3c7ff4b 100644 --- a/deployment/hasura/metadata/databases/tables/ui/extension_roles.yaml +++ b/deployment/hasura/metadata/databases/tables/ui/extension_roles.yaml @@ -8,32 +8,32 @@ object_relationships: using: foreign_key_constraint_on: extension_id select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [extension_id, role] check: {} update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [role] filter: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/ui/extensions.yaml b/deployment/hasura/metadata/databases/tables/ui/extensions.yaml index d376ac71d0..4d8fbae6e5 100644 --- a/deployment/hasura/metadata/databases/tables/ui/extensions.yaml +++ b/deployment/hasura/metadata/databases/tables/ui/extensions.yaml @@ -12,34 +12,34 @@ array_relationships: name: extension_roles schema: ui select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [description, label, url] check: {} set: owner: "x-hasura-user-id" update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [description, label, owner, url] filter: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/ui/file_extension_content_type.yaml b/deployment/hasura/metadata/databases/tables/ui/file_extension_content_type.yaml index 36cd5ce748..ac48047910 100644 --- a/deployment/hasura/metadata/databases/tables/ui/file_extension_content_type.yaml +++ b/deployment/hasura/metadata/databases/tables/ui/file_extension_content_type.yaml @@ -4,32 +4,32 @@ table: configuration: custom_name: "file_extension_content_type" select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [file_extension, content_type] check: {} update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [content_type] filter: {} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/ui/view.yaml b/deployment/hasura/metadata/databases/tables/ui/view.yaml index 162c6f86ee..3710ae9e54 100644 --- a/deployment/hasura/metadata/databases/tables/ui/view.yaml +++ b/deployment/hasura/metadata/databases/tables/ui/view.yaml @@ -4,47 +4,47 @@ table: configuration: custom_name: "view" select_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: user + - role: 2-user permission: columns: '*' filter: {} allow_aggregations: true - - role: viewer + - role: 3-user permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [definition, name] check: {} set: owner: "x-hasura-user-id" - - role: user + - role: 2-user permission: columns: [definition, name] check: {} set: owner: "x-hasura-user-id" update_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: columns: [definition, name, owner] filter: {} - - role: user + - role: 2-user permission: columns: [definition, name, owner] filter: {"owner":{"_eq":"x-hasura-user-id"}} delete_permissions: - - role: aerie_admin + - role: 1-aerie_admin permission: filter: {} - - role: user + - role: 2-user permission: filter: {"owner":{"_eq":"x-hasura-user-id"}} diff --git a/deployment/hasura/migrations/Aerie/23_plan_model_migration/down.sql b/deployment/hasura/migrations/Aerie/23_plan_model_migration/down.sql index 7768ac22a2..5f8d04b87e 100644 --- a/deployment/hasura/migrations/Aerie/23_plan_model_migration/down.sql +++ b/deployment/hasura/migrations/Aerie/23_plan_model_migration/down.sql @@ -31,8 +31,8 @@ declare _function_permission permissions.permission; begin _role := permissions.get_role(hasura_session); - -- The aerie_admin role is always treated as having NO_CHECK permissions on all functions. - if _role = 'aerie_admin' then return 'NO_CHECK'; end if; + -- The 1-aerie_admin role is always treated as having NO_CHECK permissions on all functions. + if _role = '1-aerie_admin' then return 'NO_CHECK'; end if; select (function_permissions ->> _function::text)::permissions.permission from permissions.user_role_permission urp diff --git a/deployment/postgres-init-db/sql/default_user_roles.sql b/deployment/postgres-init-db/sql/default_user_roles.sql index f6a6defb97..5002f28944 100644 --- a/deployment/postgres-init-db/sql/default_user_roles.sql +++ b/deployment/postgres-init-db/sql/default_user_roles.sql @@ -1,12 +1,12 @@ -- Default Roles: -insert into permissions.user_roles(role) values ('aerie_admin'), ('user'), ('viewer'); +insert into permissions.user_roles(role) values ('1-aerie_admin'), ('2-user'), ('3-viewer'); -- Permissions For Default Roles: --- 'aerie_admin' permissions aren't specified since 'aerie_admin' is always considered to have "NO_CHECK" permissions +-- '1-aerie_admin' permissions aren't specified since '1-aerie_admin' is always considered to have "NO_CHECK" permissions update permissions.user_role_permission set action_permissions = '{}', function_permissions = '{}' -where role = 'aerie_admin'; +where role = '1-aerie_admin'; update permissions.user_role_permission set action_permissions = '{ @@ -47,7 +47,7 @@ set action_permissions = '{ "set_resolution_bulk": "PLAN_OWNER_TARGET", "withdraw_merge_rq": "PLAN_OWNER_SOURCE" }' -where role = 'user'; +where role = '2-user'; update permissions.user_role_permission set action_permissions = '{ @@ -59,9 +59,9 @@ set action_permissions = '{ "get_non_conflicting_activities": "NO_CHECK", "get_plan_history": "NO_CHECK" }' -where role = 'viewer'; +where role = '3-viewer'; -- Default Users: insert into permissions.users(username, default_role) - values ('Mission Model', 'viewer'), - ('Aerie Legacy', 'viewer'); + values ('Mission Model', '3-viewer'), + ('Aerie Legacy', '3-viewer'); diff --git a/deployment/postgres-init-db/sql/functions/permissions/get_function_permissions.sql b/deployment/postgres-init-db/sql/functions/permissions/get_function_permissions.sql index c48203a418..27f4aad2d8 100644 --- a/deployment/postgres-init-db/sql/functions/permissions/get_function_permissions.sql +++ b/deployment/postgres-init-db/sql/functions/permissions/get_function_permissions.sql @@ -7,8 +7,8 @@ declare _function_permission permissions.permission; begin _role := permissions.get_role(hasura_session); - -- The aerie_admin role is always treated as having NO_CHECK permissions on all functions. - if _role = 'aerie_admin' then return 'NO_CHECK'; end if; + -- The 1-aerie_admin role is always treated as having NO_CHECK permissions on all functions. + if _role = '1-aerie_admin' then return 'NO_CHECK'; end if; select (function_permissions ->> _function::text)::permissions.permission from permissions.user_role_permission urp diff --git a/permissions/src/main/java/gov/nasa/jpl/aerie/permissions/PermissionsService.java b/permissions/src/main/java/gov/nasa/jpl/aerie/permissions/PermissionsService.java index 33047a6b2e..6fc73c925c 100644 --- a/permissions/src/main/java/gov/nasa/jpl/aerie/permissions/PermissionsService.java +++ b/permissions/src/main/java/gov/nasa/jpl/aerie/permissions/PermissionsService.java @@ -38,7 +38,7 @@ public void check( private PermissionType getActionPermission(final Action action, final String role) throws Unauthorized, IOException, PermissionsServiceException { - if (role.equals("aerie_admin")) { + if (role.equals("1-aerie_admin")) { return PermissionType.NO_CHECK; } return gqlService.getActionPermission(action, role); From 178a4fb07b1ca5fddb454f0190707bee7a81972b Mon Sep 17 00:00:00 2001 From: psubram3 Date: Thu, 28 Aug 2025 14:41:02 -0700 Subject: [PATCH 4/7] Revert "sort of required for things to work -> map user roles to have number prefix" This reverts commit bc549a7e3c63bbedc3eda0bb701615711d50e096. --- deployment/hasura/metadata/actions.yaml | 124 +++++++++--------- .../databases/functions/functions.yaml | 110 ++++++++-------- .../tables/actions/action_definition.yaml | 12 +- .../databases/tables/actions/action_run.yaml | 16 +-- .../hasura/begin_merge_return_value.yaml | 4 +- .../hasura/cancel_merge_return_value.yaml | 4 +- ...l_compatibility_for_plan_return_value.yaml | 4 +- ...heck_model_compatibility_return_value.yaml | 4 +- .../hasura/commit_merge_return_value.yaml | 4 +- .../hasura/create_merge_return_value.yaml | 4 +- .../hasura/create_snapshot_return_value.yaml | 4 +- .../hasura/delete_anchor_return_value.yaml | 4 +- .../hasura/deny_merge_return_value.yaml | 4 +- .../hasura/duplicate_plan_return_value.yaml | 4 +- ...t_conflicting_activities_return_value.yaml | 4 +- ...n_conflicting_activities_return_value.yaml | 4 +- .../hasura/get_plan_history_return_value.yaml | 4 +- .../migrate_plan_to_model_return_value.yaml | 4 +- .../hasura/refresh_activity_type_logs.yaml | 6 +- .../hasura/refresh_model_parameter_logs.yaml | 6 +- .../hasura/refresh_resource_types_logs.yaml | 6 +- ...resource_at_start_offset_return_value.yaml | 4 +- .../withdraw_merge_request_return_value.yaml | 4 +- .../activity_directive.yaml | 18 +-- .../activity_directive_changelog.yaml | 10 +- .../activity_directive_extended.yaml | 6 +- .../activity_directive_metadata_schema.yaml | 16 +-- .../activity_directive_validations.yaml | 8 +- .../activity_directive/activity_presets.yaml | 18 +-- .../anchor_validation_status.yaml | 8 +- .../preset_to_directive.yaml | 12 +- .../tables/merlin/activity_type.yaml | 12 +- .../constraints/constraint_definition.yaml | 16 +-- .../constraints/constraint_metadata.yaml | 18 +-- .../constraint_model_specification.yaml | 18 +-- .../constraints/constraint_request.yaml | 8 +- .../constraints/constraint_results.yaml | 8 +- .../merlin/constraints/constraint_run.yaml | 8 +- .../constraints/constraint_specification.yaml | 18 +-- .../tables/merlin/dataset/dataset.yaml | 10 +- .../tables/merlin/dataset/event.yaml | 8 +- .../tables/merlin/dataset/profile.yaml | 8 +- .../merlin/dataset/profile_segment.yaml | 8 +- .../merlin/dataset/resource_profile_view.yaml | 8 +- .../databases/tables/merlin/dataset/span.yaml | 8 +- .../tables/merlin/dataset/topic.yaml | 8 +- .../tables/merlin/derivation_group.yaml | 14 +- .../tables/merlin/derived_events.yaml | 6 +- .../tables/merlin/external_event.yaml | 12 +- .../tables/merlin/external_event_type.yaml | 10 +- .../tables/merlin/external_source.yaml | 14 +- .../tables/merlin/external_source_type.yaml | 10 +- .../merging/conflicting_activities.yaml | 10 +- .../tables/merlin/merging/merge_request.yaml | 8 +- .../merlin/merging/merge_request_comment.yaml | 18 +-- .../merlin/merging/merge_staging_area.yaml | 6 +- .../tables/merlin/mission_model.yaml | 12 +- .../merlin/mission_model_parameters.yaml | 10 +- .../databases/tables/merlin/plan.yaml | 18 +-- .../tables/merlin/plan_collaborators.yaml | 14 +- .../databases/tables/merlin/plan_dataset.yaml | 10 +- .../tables/merlin/plan_derivation_group.yaml | 18 +-- .../tables/merlin/resource_type.yaml | 8 +- .../simulation/simulated_activity_view.yaml | 6 +- .../tables/merlin/simulation/simulation.yaml | 12 +- .../merlin/simulation/simulation_dataset.yaml | 14 +- .../merlin/simulation/simulation_extent.yaml | 8 +- .../simulation/simulation_template.yaml | 18 +-- .../tables/merlin/snapshot/plan_snapshot.yaml | 12 +- .../snapshot/plan_snapshot_activities.yaml | 8 +- .../preset_to_snapshot_directive.yaml | 8 +- .../tables/merlin/uploaded_file.yaml | 8 +- .../migrations/applied_migrations_view.yaml | 2 +- .../permissions/user_role_permission.yaml | 10 +- .../tables/permissions/user_roles.yaml | 12 +- .../permissions/users_allowed_roles.yaml | 12 +- .../permissions/users_and_roles_view.yaml | 6 +- .../scheduling_condition_definition.yaml | 16 +-- .../scheduling_condition_metadata.yaml | 18 +-- .../scheduler/scheduling_goal_definition.yaml | 16 +-- .../scheduler/scheduling_goal_metadata.yaml | 18 +-- .../scheduling_goal_analysis.yaml | 10 +- ...ling_goal_analysis_created_activities.yaml | 8 +- ...g_goal_analysis_satisfying_activities.yaml | 8 +- .../scheduling_run/scheduling_request.yaml | 14 +- ...duling_model_specification_conditions.yaml | 18 +-- .../scheduling_model_specification_goals.yaml | 18 +-- .../scheduling_specification.yaml | 18 +-- .../scheduling_specification_conditions.yaml | 18 +-- .../scheduling_specification_goals.yaml | 18 +-- .../activity_instance_commands.yaml | 8 +- .../tables/sequencing/channel_dictionary.yaml | 10 +- .../tables/sequencing/command_dictionary.yaml | 8 +- .../tables/sequencing/expanded_sequences.yaml | 8 +- .../tables/sequencing/expanded_templates.yaml | 8 +- .../tables/sequencing/expansion_rule.yaml | 18 +-- .../tables/sequencing/expansion_run.yaml | 10 +- .../tables/sequencing/expansion_set.yaml | 14 +- .../sequencing/expansion_set_rule_view.yaml | 6 +- .../sequencing/expansion_set_to_rule.yaml | 6 +- .../sequencing/parameter_dictionary.yaml | 10 +- .../databases/tables/sequencing/parcel.yaml | 12 +- .../parcel_to_parameter_dictionary.yaml | 10 +- .../sequencing/rule_expansion_set_view.yaml | 6 +- .../databases/tables/sequencing/sequence.yaml | 16 +-- .../sequencing/sequence_adaptation.yaml | 12 +- .../tables/sequencing/sequence_filter.yaml | 16 +-- .../tables/sequencing/sequence_template.yaml | 18 +-- .../sequence_to_simulated_activity.yaml | 18 +-- .../tables/sequencing/workspace.yaml | 10 +- .../sequencing/workspace_collaborators.yaml | 14 +- .../tables/tags/activity_directive_tags.yaml | 14 +- .../tags/constraint_definition_tags.yaml | 14 +- .../tables/tags/constraint_tags.yaml | 14 +- .../tables/tags/expansion_rule_tags.yaml | 14 +- .../tables/tags/plan_snapshot_tags.yaml | 14 +- .../databases/tables/tags/plan_tags.yaml | 14 +- .../scheduling_condition_definition_tags.yaml | 14 +- .../tags/scheduling_condition_tags.yaml | 14 +- .../tags/scheduling_goal_definition_tags.yaml | 14 +- .../tables/tags/scheduling_goal_tags.yaml | 14 +- .../tables/tags/snapshot_activity_tags.yaml | 8 +- .../metadata/databases/tables/tags/tags.yaml | 18 +-- .../databases/tables/ui/extension_roles.yaml | 12 +- .../databases/tables/ui/extensions.yaml | 12 +- .../ui/file_extension_content_type.yaml | 12 +- .../metadata/databases/tables/ui/view.yaml | 18 +-- .../Aerie/23_plan_model_migration/down.sql | 4 +- .../sql/default_user_roles.sql | 14 +- .../permissions/get_function_permissions.sql | 4 +- .../aerie/permissions/PermissionsService.java | 2 +- 131 files changed, 809 insertions(+), 809 deletions(-) diff --git a/deployment/hasura/metadata/actions.yaml b/deployment/hasura/metadata/actions.yaml index 5a431f4e01..e78f24227b 100644 --- a/deployment/hasura/metadata/actions.yaml +++ b/deployment/hasura/metadata/actions.yaml @@ -5,218 +5,218 @@ actions: handler: "{{AERIE_MERLIN_URL}}/addExternalDataset" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - name: extendExternalDataset definition: kind: synchronous handler: "{{AERIE_MERLIN_URL}}/extendExternalDataset" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - name: uploadDictionary definition: kind: synchronous handler: "{{AERIE_SEQUENCING_URL}}/put-dictionary" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - name: addCommandExpansionTypeScript definition: kind: synchronous handler: "{{AERIE_SEQUENCING_URL}}/command-expansion/put-expansion" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - name: assignActivitiesByFilter definition: kind: synchronous handler: "{{AERIE_SEQUENCING_URL}}/command-expansion/assign-activities-by-filter" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - name: addTemplate definition: kind: synchronous handler: "{{AERIE_SEQUENCING_URL}}/command-expansion/put-template" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - name: createExpansionSet definition: kind: synchronous handler: "{{AERIE_SEQUENCING_URL}}/command-expansion/put-expansion-set" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - name: expandAllActivities definition: kind: synchronous handler: "{{AERIE_SEQUENCING_URL}}/command-expansion/expand-all-activity-instances" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - name: expandAllTemplates definition: kind: synchronous handler: "{{AERIE_SEQUENCING_URL}}/command-expansion/expand-all-sequence-templates" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - name: getModelEffectiveArguments definition: kind: "" handler: "{{AERIE_MERLIN_URL}}/getModelEffectiveArguments" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user - - role: 3-user + - role: aerie_admin + - role: user + - role: viewer - name: getActivityEffectiveArguments definition: kind: "" handler: "{{AERIE_MERLIN_URL}}/getActivityEffectiveArguments" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user - - role: 3-user + - role: aerie_admin + - role: user + - role: viewer - name: getActivityEffectiveArgumentsBulk definition: kind: "" handler: "{{AERIE_MERLIN_URL}}/getActivityEffectiveArgumentsBulk" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user - - role: 3-user + - role: aerie_admin + - role: user + - role: viewer - name: getActivityTypeScript definition: kind: "" handler: "{{AERIE_SEQUENCING_URL}}/get-activity-typescript" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - name: getCommandTypeScript definition: kind: "" handler: "{{AERIE_SEQUENCING_URL}}/get-command-typescript" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - name: getSequenceSeqJson definition: kind: "" handler: "{{AERIE_SEQUENCING_URL}}/seqjson/get-seqjson-for-seqid-and-simulation-dataset" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user - - role: 3-user + - role: aerie_admin + - role: user + - role: viewer - name: getSequenceSeqJsonBulk definition: kind: "" handler: "{{AERIE_SEQUENCING_URL}}/seqjson/bulk-get-seqjson-for-seqid-and-simulation-dataset" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user - - role: 3-user + - role: aerie_admin + - role: user + - role: viewer - name: resourceTypes definition: kind: "" handler: "{{AERIE_MERLIN_URL}}/resourceTypes" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user - - role: 3-user + - role: aerie_admin + - role: user + - role: viewer - name: schedule definition: kind: "" handler: "{{AERIE_SCHEDULER_URL}}/schedule" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - name: schedulingDslTypescript definition: kind: "" handler: "{{AERIE_SCHEDULER_URL}}/schedulingDslTypescript" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - name: constraintsDslTypescript definition: kind: "" handler: "{{AERIE_MERLIN_URL}}/constraintsDslTypescript" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - name: simulate definition: kind: "" handler: "{{AERIE_MERLIN_URL}}/getSimulationResults" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - name: resourceSamples definition: kind: "" handler: "{{AERIE_MERLIN_URL}}/resourceSamples" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user - - role: 3-user + - role: aerie_admin + - role: user + - role: viewer - name: constraintViolations definition: kind: "" handler: "{{AERIE_MERLIN_URL}}/constraintViolations" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - name: validateActivityArguments definition: kind: "" handler: "{{AERIE_MERLIN_URL}}/validateActivityArguments" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user - - role: 3-user + - role: aerie_admin + - role: user + - role: viewer - name: validateModelArguments definition: kind: "" handler: "{{AERIE_MERLIN_URL}}/validateModelArguments" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user - - role: 3-user + - role: aerie_admin + - role: user + - role: viewer - name: validatePlan definition: kind: "" handler: "{{AERIE_MERLIN_URL}}/validatePlan" timeout: 300 permissions: - - role: 1-aerie_admin - - role: 2-user - - role: 3-user + - role: aerie_admin + - role: user + - role: viewer custom_types: enums: - name: MerlinSimulationStatus diff --git a/deployment/hasura/metadata/databases/functions/functions.yaml b/deployment/hasura/metadata/databases/functions/functions.yaml index 2930744641..5e5bfcd79b 100644 --- a/deployment/hasura/metadata/databases/functions/functions.yaml +++ b/deployment/hasura/metadata/databases/functions/functions.yaml @@ -6,8 +6,8 @@ function: apply_preset_to_activity session_argument: hasura_session permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - function: name: begin_merge schema: hasura @@ -16,8 +16,8 @@ function: begin_merge session_argument: hasura_session permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - function: name: cancel_merge schema: hasura @@ -26,8 +26,8 @@ function: cancel_merge session_argument: hasura_session permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - function: name: create_merge_request schema: hasura @@ -36,8 +36,8 @@ function: create_merge_request session_argument: hasura_session permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - function: name: create_snapshot schema: hasura @@ -46,8 +46,8 @@ function: create_snapshot session_argument: hasura_session permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - function: name: commit_merge schema: hasura @@ -56,8 +56,8 @@ function: commit_merge session_argument: hasura_session permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - function: name: migrate_plan_to_model schema: hasura @@ -66,8 +66,8 @@ function: migrate_plan_to_model session_argument: hasura_session permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - function: name: check_model_compatibility schema: hasura @@ -75,8 +75,8 @@ custom_root_fields: function: check_model_compatibility permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - function: name: check_model_compatibility_for_plan schema: hasura @@ -84,8 +84,8 @@ custom_root_fields: function: check_model_compatibility_for_plan permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - function: name: delete_activity_by_pk_reanchor_plan_start schema: hasura @@ -94,8 +94,8 @@ function: delete_activity_by_pk_reanchor_plan_start session_argument: hasura_session permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - function: name: delete_activity_by_pk_reanchor_plan_start_bulk schema: hasura @@ -104,8 +104,8 @@ function: delete_activity_by_pk_reanchor_plan_start_bulk session_argument: hasura_session permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - function: name: delete_activity_by_pk_reanchor_to_anchor schema: hasura @@ -114,8 +114,8 @@ function: delete_activity_by_pk_reanchor_to_anchor session_argument: hasura_session permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - function: name: delete_activity_by_pk_reanchor_to_anchor_bulk schema: hasura @@ -124,8 +124,8 @@ function: delete_activity_by_pk_reanchor_to_anchor_bulk session_argument: hasura_session permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - function: name: delete_activity_by_pk_delete_subtree schema: hasura @@ -134,8 +134,8 @@ function: delete_activity_by_pk_delete_subtree session_argument: hasura_session permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - function: name: delete_activity_by_pk_delete_subtree_bulk schema: hasura @@ -144,8 +144,8 @@ function: delete_activity_by_pk_delete_subtree_bulk session_argument: hasura_session permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - function: name: deny_merge schema: hasura @@ -154,8 +154,8 @@ function: deny_merge session_argument: hasura_session permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - function: name: duplicate_plan schema: hasura @@ -164,8 +164,8 @@ function: duplicate_plan session_argument: hasura_session permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - function: name: get_conflicting_activities schema: hasura @@ -175,9 +175,9 @@ session_argument: hasura_session exposed_as: query permissions: - - role: 1-aerie_admin - - role: 2-user - - role: 3-user + - role: aerie_admin + - role: user + - role: viewer - function: name: get_non_conflicting_activities schema: hasura @@ -187,9 +187,9 @@ session_argument: hasura_session exposed_as: query permissions: - - role: 1-aerie_admin - - role: 2-user - - role: 3-user + - role: aerie_admin + - role: user + - role: viewer - function: name: get_plan_history schema: hasura @@ -198,17 +198,17 @@ function: get_plan_history session_argument: hasura_session permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - function: name: get_resources_at_start_offset schema: hasura configuration: custom_name: getResourcesAtStartOffset permissions: - - role: 1-aerie_admin - - role: 2-user - - role: 3-user + - role: aerie_admin + - role: user + - role: viewer - function: name: restore_activity_changelog schema: hasura @@ -216,8 +216,8 @@ custom_name: restoreActivityFromChangelog session_argument: hasura_session permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - function: name: restore_from_snapshot schema: hasura @@ -226,8 +226,8 @@ function: restore_from_snapshot session_argument: hasura_session permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - function: name: set_resolution schema: hasura @@ -236,8 +236,8 @@ function: set_resolution session_argument: hasura_session permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - function: name: set_resolution_bulk schema: hasura @@ -246,8 +246,8 @@ function: set_resolution_bulk session_argument: hasura_session permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user - function: name: withdraw_merge_request schema: hasura @@ -256,5 +256,5 @@ function: withdraw_merge_request session_argument: hasura_session permissions: - - role: 1-aerie_admin - - role: 2-user + - role: aerie_admin + - role: user diff --git a/deployment/hasura/metadata/databases/tables/actions/action_definition.yaml b/deployment/hasura/metadata/databases/tables/actions/action_definition.yaml index 72ae3183fb..340157fd5d 100644 --- a/deployment/hasura/metadata/databases/tables/actions/action_definition.yaml +++ b/deployment/hasura/metadata/databases/tables/actions/action_definition.yaml @@ -11,23 +11,23 @@ object_relationships: using: foreign_key_constraint_on: action_file_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: "*" filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: "*" filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: "*" filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [name, description, action_file_id, workspace_id] check: {} @@ -35,13 +35,13 @@ insert_permissions: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [name, description, action_file_id, parameter_schema, settings_schema, settings, owner, workspace_id] filter: {} set: updated_by: "x-hasura-user-id" delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/actions/action_run.yaml b/deployment/hasura/metadata/databases/tables/actions/action_run.yaml index 7ff8bd6bc0..103c275c51 100644 --- a/deployment/hasura/metadata/databases/tables/actions/action_run.yaml +++ b/deployment/hasura/metadata/databases/tables/actions/action_run.yaml @@ -8,44 +8,44 @@ object_relationships: using: foreign_key_constraint_on: action_definition_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: "*" filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: "*" filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: "*" filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [settings, parameters, action_definition_id] check: {} set: requested_by: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [settings, parameters, action_definition_id] check: {} set: requested_by: "x-hasura-user-id" update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [logs, error, results, status, canceled] filter: {} - - role: 2-user + - role: user permission: columns: [canceled] filter: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/begin_merge_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/begin_merge_return_value.yaml index 8c8bce7697..6487bb1640 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/begin_merge_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/begin_merge_return_value.yaml @@ -2,11 +2,11 @@ table: name: begin_merge_return_value schema: hasura select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} - - role: 2-user + - role: user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/cancel_merge_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/cancel_merge_return_value.yaml index 730a0af305..e7c4e90f2a 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/cancel_merge_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/cancel_merge_return_value.yaml @@ -2,11 +2,11 @@ table: name: cancel_merge_return_value schema: hasura select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} - - role: 2-user + - role: user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/check_model_compatibility_for_plan_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/check_model_compatibility_for_plan_return_value.yaml index 2dae363d5a..cb4a6b937d 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/check_model_compatibility_for_plan_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/check_model_compatibility_for_plan_return_value.yaml @@ -2,11 +2,11 @@ table: name: check_model_compatibility_for_plan_return_value schema: hasura select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} - - role: 2-user + - role: user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/check_model_compatibility_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/check_model_compatibility_return_value.yaml index a1766ed1f8..ae353ec7e8 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/check_model_compatibility_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/check_model_compatibility_return_value.yaml @@ -2,11 +2,11 @@ table: name: check_model_compatibility_return_value schema: hasura select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} - - role: 2-user + - role: user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/commit_merge_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/commit_merge_return_value.yaml index fd72489ffd..e90327f847 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/commit_merge_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/commit_merge_return_value.yaml @@ -2,11 +2,11 @@ table: name: commit_merge_return_value schema: hasura select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} - - role: 2-user + - role: user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/create_merge_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/create_merge_return_value.yaml index 8be288bc9b..aa2a9689bd 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/create_merge_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/create_merge_return_value.yaml @@ -2,11 +2,11 @@ table: name: create_merge_request_return_value schema: hasura select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} - - role: 2-user + - role: user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/create_snapshot_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/create_snapshot_return_value.yaml index 9ee4094eed..58c33454e1 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/create_snapshot_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/create_snapshot_return_value.yaml @@ -2,11 +2,11 @@ table: name: create_snapshot_return_value schema: hasura select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} - - role: 2-user + - role: user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/delete_anchor_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/delete_anchor_return_value.yaml index 70e84e1842..0824fcbdd2 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/delete_anchor_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/delete_anchor_return_value.yaml @@ -2,11 +2,11 @@ table: name: delete_anchor_return_value schema: hasura select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} - - role: 2-user + - role: user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/deny_merge_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/deny_merge_return_value.yaml index e27a48e937..7d929113af 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/deny_merge_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/deny_merge_return_value.yaml @@ -2,11 +2,11 @@ table: name: deny_merge_return_value schema: hasura select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} - - role: 2-user + - role: user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/duplicate_plan_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/duplicate_plan_return_value.yaml index 60b426c68a..52a63f53a9 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/duplicate_plan_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/duplicate_plan_return_value.yaml @@ -2,11 +2,11 @@ table: name: duplicate_plan_return_value schema: hasura select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} - - role: 2-user + - role: user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/get_conflicting_activities_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/get_conflicting_activities_return_value.yaml index 5d2d58d41c..d06f90a646 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/get_conflicting_activities_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/get_conflicting_activities_return_value.yaml @@ -2,11 +2,11 @@ table: name: get_conflicting_activities_return_value schema: hasura select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} - - role: 2-user + - role: user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/get_non_conflicting_activities_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/get_non_conflicting_activities_return_value.yaml index 4001720591..6d4185dfb7 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/get_non_conflicting_activities_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/get_non_conflicting_activities_return_value.yaml @@ -2,11 +2,11 @@ table: name: get_non_conflicting_activities_return_value schema: hasura select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} - - role: 2-user + - role: user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/get_plan_history_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/get_plan_history_return_value.yaml index 9dec8e794d..1e6d79fa9e 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/get_plan_history_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/get_plan_history_return_value.yaml @@ -2,11 +2,11 @@ table: name: get_plan_history_return_value schema: hasura select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} - - role: 2-user + - role: user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/migrate_plan_to_model_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/migrate_plan_to_model_return_value.yaml index 5dbaab226d..7aa1b0ef24 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/migrate_plan_to_model_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/migrate_plan_to_model_return_value.yaml @@ -2,11 +2,11 @@ table: name: migrate_plan_to_model_return_value schema: hasura select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} - - role: 2-user + - role: user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/refresh_activity_type_logs.yaml b/deployment/hasura/metadata/databases/tables/hasura/refresh_activity_type_logs.yaml index 7139a15ba2..76c4dfab77 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/refresh_activity_type_logs.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/refresh_activity_type_logs.yaml @@ -13,17 +13,17 @@ object_relationships: column_mapping: model_id: id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/refresh_model_parameter_logs.yaml b/deployment/hasura/metadata/databases/tables/hasura/refresh_model_parameter_logs.yaml index 85efa88cae..71d4b3def9 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/refresh_model_parameter_logs.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/refresh_model_parameter_logs.yaml @@ -13,17 +13,17 @@ object_relationships: column_mapping: model_id: id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/refresh_resource_types_logs.yaml b/deployment/hasura/metadata/databases/tables/hasura/refresh_resource_types_logs.yaml index 2f82b4d0ad..a442e8b65e 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/refresh_resource_types_logs.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/refresh_resource_types_logs.yaml @@ -13,17 +13,17 @@ object_relationships: column_mapping: model_id: id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/resource_at_start_offset_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/resource_at_start_offset_return_value.yaml index 52da91c7e7..a66a43320c 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/resource_at_start_offset_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/resource_at_start_offset_return_value.yaml @@ -2,11 +2,11 @@ table: name: resource_at_start_offset_return_value schema: hasura select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} - - role: 2-user + - role: user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/hasura/withdraw_merge_request_return_value.yaml b/deployment/hasura/metadata/databases/tables/hasura/withdraw_merge_request_return_value.yaml index 55ada1da61..451e744986 100644 --- a/deployment/hasura/metadata/databases/tables/hasura/withdraw_merge_request_return_value.yaml +++ b/deployment/hasura/metadata/databases/tables/hasura/withdraw_merge_request_return_value.yaml @@ -2,11 +2,11 @@ table: name: withdraw_merge_request_return_value schema: hasura select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} - - role: 2-user + - role: user permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive.yaml b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive.yaml index 2653dbf431..252e00d129 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive.yaml @@ -71,43 +71,43 @@ array_relationships: name: activity_directive_changelog schema: merlin select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [ name, start_offset, type, arguments, metadata, anchor_id, anchored_to_start, created_by ] filter: {} set: last_modified_by: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [name, start_offset, arguments, metadata, anchor_id, anchored_to_start] filter: {"plan":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}} set: last_modified_by: "x-hasura-user-id" insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [name, start_offset, arguments, metadata, anchor_id, anchored_to_start, plan_id, type] check: {} set: last_modified_by: "x-hasura-user-id" created_by: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [name, start_offset, arguments, metadata, anchor_id, anchored_to_start, plan_id, type] check: {"plan":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}} @@ -115,9 +115,9 @@ insert_permissions: last_modified_by: "x-hasura-user-id" created_by: "x-hasura-user-id" delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"plan":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}} diff --git a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_changelog.yaml b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_changelog.yaml index 0471dcd4b7..67bc16c29e 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_changelog.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_changelog.yaml @@ -10,28 +10,28 @@ object_relationships: - plan_id - activity_directive_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: - changed_by filter: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_extended.yaml b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_extended.yaml index b4632fcf02..b917e31299 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_extended.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_extended.yaml @@ -23,17 +23,17 @@ object_relationships: id: id plan_id: plan_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_metadata_schema.yaml b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_metadata_schema.yaml index b753ba1d19..9b4ab68f95 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_metadata_schema.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_metadata_schema.yaml @@ -4,40 +4,40 @@ table: configuration: custom_name: "activity_directive_metadata_schema" select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [key, schema, created_at] check: {} - - role: 2-user + - role: user permission: columns: [key, schema, created_at] check: {} update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [key, schema, created_at] filter: {} - - role: 2-user + - role: user permission: columns: [key, schema, created_at] filter: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_validations.yaml b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_validations.yaml index 7b19bef2eb..2912899fb9 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_validations.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_directive_validations.yaml @@ -4,22 +4,22 @@ table: configuration: custom_name: "activity_directive_validations" select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_presets.yaml b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_presets.yaml index 5da4eb3038..ea9740fd75 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_presets.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/activity_presets.yaml @@ -4,47 +4,47 @@ table: configuration: custom_name: "activity_presets" select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [model_id, name, associated_activity_type, arguments] check: {} set: owner: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [model_id, name, associated_activity_type, arguments] check: {} set: owner: "x-hasura-user-id" update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [model_id, name, associated_activity_type, arguments, owner] filter: {} - - role: 2-user + - role: user permission: columns: [name, arguments, owner] filter: {"owner":{"_eq":"X-Hasura-User-Id"}} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"owner":{"_eq":"X-Hasura-User-Id"}} diff --git a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/anchor_validation_status.yaml b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/anchor_validation_status.yaml index 5fe6df2a01..ee30421f82 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/anchor_validation_status.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/anchor_validation_status.yaml @@ -4,22 +4,22 @@ table: configuration: custom_name: "anchor_validation_status" select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/preset_to_directive.yaml b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/preset_to_directive.yaml index 1f329b3ceb..5b797047be 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/activity_directive/preset_to_directive.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/activity_directive/preset_to_directive.yaml @@ -13,31 +13,31 @@ object_relationships: using: foreign_key_constraint_on: preset_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' check: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"directive_applied_to":{"plan":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}}} # Insert/Update are controlled via a SQL function diff --git a/deployment/hasura/metadata/databases/tables/merlin/activity_type.yaml b/deployment/hasura/metadata/databases/tables/merlin/activity_type.yaml index 26839479ef..01681ca599 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/activity_type.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/activity_type.yaml @@ -26,32 +26,32 @@ array_relationships: name: expansion_rule schema: sequencing select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [model_id, name, parameters, required_parameters, computed_attributes_value_schema, subsystem] check: {} update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [model_id, name, parameters, required_parameters, computed_attributes_value_schema, subsystem] filter: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_definition.yaml b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_definition.yaml index 99987e3f21..7f4625e416 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_definition.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_definition.yaml @@ -36,12 +36,12 @@ array_relationships: name: constraint_definition_tags schema: tags select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' # Select is allowed if: @@ -61,7 +61,7 @@ select_permissions: {"owner":{"_eq":"X-Hasura-User-Id"}}, {"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}}]}}}]}} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {"metadata": {"_or":[ @@ -73,28 +73,28 @@ select_permissions: {"models_using":{"model":{"owner":{"_eq":"X-Hasura-User-Id"}}}}]}} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [constraint_id, definition, type, uploaded_jar_id] check: {} set: author: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [constraint_id, definition, type, uploaded_jar_id] check: {"_or":[{"metadata":{"public":{"_eq":true}}},{"metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}}]} set: author: "x-hasura-user-id" update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [definition, author] filter: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"_or":[ diff --git a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_metadata.yaml b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_metadata.yaml index 20085990c8..f147f89668 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_metadata.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_metadata.yaml @@ -33,12 +33,12 @@ array_relationships: name: constraint_specification schema: merlin select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' # Select is allowed if: @@ -58,7 +58,7 @@ select_permissions: {"owner":{"_eq":"X-Hasura-User-Id"}}, {"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}}]}}}]} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {"_or":[ @@ -70,14 +70,14 @@ select_permissions: {"models_using":{"model":{"owner":{"_eq":"X-Hasura-User-Id"}}}}]} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [name, description, public] check: {} set: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [name, description, public] check: {} @@ -85,13 +85,13 @@ insert_permissions: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [name, description, public, owner] filter: {} set: updated_by: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [name, description, public, owner] filter: { "owner": { "_eq": "X-Hasura-User-Id" } } @@ -99,9 +99,9 @@ update_permissions: set: updated_by: "x-hasura-user-id" delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: { "owner": {"_eq": "X-Hasura-User-Id"} } diff --git a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_model_specification.yaml b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_model_specification.yaml index af81e2e1be..62b7c96c51 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_model_specification.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_model_specification.yaml @@ -19,27 +19,27 @@ object_relationships: - constraint_id - constraint_revision select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [model_id, constraint_id, constraint_revision, priority, arguments] check: {} - - role: 2-user + - role: user permission: columns: [model_id, constraint_id, constraint_revision, priority, arguments] check: { "_and": [ @@ -47,18 +47,18 @@ insert_permissions: { "constraint_metadata": { "_or": [ { "public": { "_eq": true } }, { "owner": { "_eq": "X-Hasura-User-Id" } } ] } } ] } update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [constraint_revision, priority, arguments] filter: {} - - role: 2-user + - role: user permission: columns: [constraint_revision, priority, arguments] filter: {"model": {"owner": {"_eq": "X-Hasura-User-Id"}}} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"model": {"owner": {"_eq": "X-Hasura-User-Id"}}} diff --git a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_request.yaml b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_request.yaml index 57eb52d410..bb5fb1740a 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_request.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_request.yaml @@ -19,22 +19,22 @@ array_relationships: name: constraint_run schema: merlin select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_results.yaml b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_results.yaml index f2121e9da8..41d52902b5 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_results.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_results.yaml @@ -30,22 +30,22 @@ array_relationships: name: constraint_run schema: merlin select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_run.yaml b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_run.yaml index 6fa7caffa8..579f6560cd 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_run.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_run.yaml @@ -17,22 +17,22 @@ object_relationships: using: foreign_key_constraint_on: constraint_results_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_specification.yaml b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_specification.yaml index 14331dda6b..00663f278f 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_specification.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/constraints/constraint_specification.yaml @@ -27,27 +27,27 @@ array_relationships: name: constraint_run schema: merlin select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [plan_id, constraint_id, constraint_revision, enabled, arguments, priority] check: {} - - role: 2-user + - role: user permission: columns: [plan_id, constraint_id, constraint_revision, enabled, arguments, priority] check: { "_and": [ @@ -59,18 +59,18 @@ insert_permissions: { "owner": { "_eq": "X-Hasura-User-Id" } }, { "models_using": { "model": { "plans": { "id": { "_ceq": ["$","plan_id"] } } } } } ] } } ] } update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [constraint_revision, enabled, arguments, priority] filter: {} - - role: 2-user + - role: user permission: columns: [constraint_revision, enabled, arguments, priority] filter: { "plan": { "_or": [ { "owner": { "_eq": "X-Hasura-User-Id" } },{ "collaborators": { "collaborator": { "_eq": "X-Hasura-User-Id" }}}]}} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: { "plan": { "_or": [ { "owner": { "_eq": "X-Hasura-User-Id" } },{ "collaborators": { "collaborator": { "_eq": "X-Hasura-User-Id" }}}]}} diff --git a/deployment/hasura/metadata/databases/tables/merlin/dataset/dataset.yaml b/deployment/hasura/metadata/databases/tables/merlin/dataset/dataset.yaml index 3f48abf1dc..5e77a14ee6 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/dataset/dataset.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/dataset/dataset.yaml @@ -28,27 +28,27 @@ array_relationships: name: topic schema: merlin select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [revision] check: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/dataset/event.yaml b/deployment/hasura/metadata/databases/tables/merlin/dataset/event.yaml index 7786b43fe1..9d590fadc2 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/dataset/event.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/dataset/event.yaml @@ -4,22 +4,22 @@ table: configuration: custom_name: "event" select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/dataset/profile.yaml b/deployment/hasura/metadata/databases/tables/merlin/dataset/profile.yaml index 52df789329..5a3d7e7669 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/dataset/profile.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/dataset/profile.yaml @@ -14,22 +14,22 @@ array_relationships: id: profile_id dataset_id: dataset_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/dataset/profile_segment.yaml b/deployment/hasura/metadata/databases/tables/merlin/dataset/profile_segment.yaml index 499a012823..922353a11e 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/dataset/profile_segment.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/dataset/profile_segment.yaml @@ -4,22 +4,22 @@ table: configuration: custom_name: "profile_segment" select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/dataset/resource_profile_view.yaml b/deployment/hasura/metadata/databases/tables/merlin/dataset/resource_profile_view.yaml index ae880ecf42..481cb08615 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/dataset/resource_profile_view.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/dataset/resource_profile_view.yaml @@ -21,22 +21,22 @@ object_relationships: column_mapping: profile_id: id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/dataset/span.yaml b/deployment/hasura/metadata/databases/tables/merlin/dataset/span.yaml index 49293ede77..95bd612db3 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/dataset/span.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/dataset/span.yaml @@ -26,22 +26,22 @@ array_relationships: name: span schema: merlin select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/dataset/topic.yaml b/deployment/hasura/metadata/databases/tables/merlin/dataset/topic.yaml index 60ed04b58a..93289e072b 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/dataset/topic.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/dataset/topic.yaml @@ -14,22 +14,22 @@ array_relationships: dataset_id: dataset_id topic_index: topic_index select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/derivation_group.yaml b/deployment/hasura/metadata/databases/tables/merlin/derivation_group.yaml index ddfb54cf36..295485faf3 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/derivation_group.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/derivation_group.yaml @@ -25,38 +25,38 @@ array_relationships: column_mapping: name: derivation_group_name select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [name, source_type_name] check: {} set: owner: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [name, source_type_name] check: {} set: owner: "x-hasura-user-id" delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"owner":{"_eq":"x-hasura-user-id"}} diff --git a/deployment/hasura/metadata/databases/tables/merlin/derived_events.yaml b/deployment/hasura/metadata/databases/tables/merlin/derived_events.yaml index 04e56334c0..bf2c3a87ef 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/derived_events.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/derived_events.yaml @@ -25,17 +25,17 @@ object_relationships: source_key: source_key derivation_group_name: derivation_group_name select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/external_event.yaml b/deployment/hasura/metadata/databases/tables/merlin/external_event.yaml index 9449d6ea0b..7e43df502f 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/external_event.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/external_event.yaml @@ -13,31 +13,31 @@ object_relationships: using: foreign_key_constraint_on: event_type_name select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [key, event_type_name, source_key, derivation_group_name, start_time, duration, attributes] check: {} - - role: 2-user + - role: user permission: columns: [key, event_type_name, source_key, derivation_group_name, start_time, duration, attributes] check: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/external_event_type.yaml b/deployment/hasura/metadata/databases/tables/merlin/external_event_type.yaml index 7c01158b98..a3f6abde05 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/external_event_type.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/external_event_type.yaml @@ -12,27 +12,27 @@ array_relationships: name: external_event schema: merlin select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [name, attribute_schema] check: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/external_source.yaml b/deployment/hasura/metadata/databases/tables/merlin/external_source.yaml index 75d9c73c95..ba226b0376 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/external_source.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/external_source.yaml @@ -21,39 +21,39 @@ object_relationships: using: foreign_key_constraint_on: derivation_group_name select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [key, source_type_name, valid_at, start_time, end_time, derivation_group_name, created_at, attributes] check: {} set: owner: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [key, source_type_name, valid_at, start_time, end_time, derivation_group_name, created_at, attributes] check: {} set: owner: "x-hasura-user-id" delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: { "_or": [ diff --git a/deployment/hasura/metadata/databases/tables/merlin/external_source_type.yaml b/deployment/hasura/metadata/databases/tables/merlin/external_source_type.yaml index 38a2442094..26d7f15195 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/external_source_type.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/external_source_type.yaml @@ -19,27 +19,27 @@ array_relationships: name: derivation_group schema: merlin select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [name, attribute_schema] check: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/merging/conflicting_activities.yaml b/deployment/hasura/metadata/databases/tables/merlin/merging/conflicting_activities.yaml index 5d6c3c5bb7..a6bcec71ea 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/merging/conflicting_activities.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/merging/conflicting_activities.yaml @@ -8,27 +8,27 @@ object_relationships: using: foreign_key_constraint_on: merge_request_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [resolution] filter: {} - - role: 2-user + - role: user permission: columns: [resolution] filter: {"merge_request":{"plan_receiving_changes":{"owner":{"_eq":"X-Hasura-User-Id"}}}} diff --git a/deployment/hasura/metadata/databases/tables/merlin/merging/merge_request.yaml b/deployment/hasura/metadata/databases/tables/merlin/merging/merge_request.yaml index 9043d7f5db..fc3717d342 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/merging/merge_request.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/merging/merge_request.yaml @@ -45,23 +45,23 @@ array_relationships: name: merge_staging_area schema: merlin select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true # Insert/Update Permissions are not included because these actions are controlled via SQL functions delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {"status":{"_neq":"in-progress"}} diff --git a/deployment/hasura/metadata/databases/tables/merlin/merging/merge_request_comment.yaml b/deployment/hasura/metadata/databases/tables/merlin/merging/merge_request_comment.yaml index f2329b9bf2..0eeea2fe4f 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/merging/merge_request_comment.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/merging/merge_request_comment.yaml @@ -8,29 +8,29 @@ object_relationships: using: foreign_key_constraint_on: merge_request_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [merge_request_id, comment_text] check: {} set: commenter_username: 'x-hasura-user-id' - - role: 2-user + - role: user permission: columns: [merge_request_id, comment_text] check: {"merge_request": @@ -46,18 +46,18 @@ insert_permissions: set: commenter_username: 'x-hasura-user-id' update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [merge_request_id, commenter_username, comment_text] filter: {} - - role: 2-user + - role: user permission: columns: [comment_text] filter: {"commenter_username":{"_eq":"X-Hasura-User-Id"}} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"commenter_username":{"_eq":"X-Hasura-User-Id"}} diff --git a/deployment/hasura/metadata/databases/tables/merlin/merging/merge_staging_area.yaml b/deployment/hasura/metadata/databases/tables/merlin/merging/merge_staging_area.yaml index e642b23bc1..cbe6b75734 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/merging/merge_staging_area.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/merging/merge_staging_area.yaml @@ -8,17 +8,17 @@ object_relationships: using: foreign_key_constraint_on: merge_request_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/mission_model.yaml b/deployment/hasura/metadata/databases/tables/merlin/mission_model.yaml index 747f55ab67..989c391a9e 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/mission_model.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/mission_model.yaml @@ -85,35 +85,35 @@ array_relationships: column_mapping: id: model_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: "*" filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: "*" filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: "*" filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [mission, name, version, description, jar_id, default_view_id] check: {} set: owner: "x-hasura-user-id" update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [mission, name, version, description, owner, default_view_id] filter: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/mission_model_parameters.yaml b/deployment/hasura/metadata/databases/tables/merlin/mission_model_parameters.yaml index 5d1e694d00..0391723e78 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/mission_model_parameters.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/mission_model_parameters.yaml @@ -4,26 +4,26 @@ table: configuration: custom_name: "mission_model_parameters" select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [parameters] filter: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/plan.yaml b/deployment/hasura/metadata/databases/tables/merlin/plan.yaml index 3785d87275..a29f047350 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/plan.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/plan.yaml @@ -68,30 +68,30 @@ array_relationships: name: plan schema: merlin select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [name, duration, model_id, parent_id, start_time, description] check: {} set: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [name, duration, model_id, parent_id, start_time, description] check: {} @@ -99,22 +99,22 @@ insert_permissions: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [name, owner, duration, model_id, parent_id, start_time, description] filter: {} set: updated_by: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [name, owner, description] filter: {"owner":{"_eq":"X-Hasura-User-Id"}} set: updated_by: "x-hasura-user-id" delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"owner":{"_eq":"X-Hasura-User-Id"}} diff --git a/deployment/hasura/metadata/databases/tables/merlin/plan_collaborators.yaml b/deployment/hasura/metadata/databases/tables/merlin/plan_collaborators.yaml index 6e22b49a02..b5b9db95c1 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/plan_collaborators.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/plan_collaborators.yaml @@ -8,34 +8,34 @@ object_relationships: using: foreign_key_constraint_on: plan_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [plan_id, collaborator] check: {} - - role: 2-user + - role: user permission: columns: [plan_id, collaborator] check: {"plan":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"plan":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}} diff --git a/deployment/hasura/metadata/databases/tables/merlin/plan_dataset.yaml b/deployment/hasura/metadata/databases/tables/merlin/plan_dataset.yaml index 5bc3ae7a62..5b178046c4 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/plan_dataset.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/plan_dataset.yaml @@ -11,26 +11,26 @@ object_relationships: using: foreign_key_constraint_on: plan_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"plan":{"owner":{"_eq":"X-Hasura-User-Id"}}} # Uploading/Extending is controlled via an action diff --git a/deployment/hasura/metadata/databases/tables/merlin/plan_derivation_group.yaml b/deployment/hasura/metadata/databases/tables/merlin/plan_derivation_group.yaml index d36c57fcae..24bea9254c 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/plan_derivation_group.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/plan_derivation_group.yaml @@ -11,27 +11,27 @@ object_relationships: using: foreign_key_constraint_on: derivation_group_name select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [plan_id, derivation_group_name] check: {} - - role: 2-user + - role: user permission: columns: [plan_id, derivation_group_name] check: { @@ -47,11 +47,11 @@ insert_permissions: } } update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [ acknowledged ] filter: {} - - role: 2-user + - role: user permission: columns: [ acknowledged ] filter: { @@ -67,10 +67,10 @@ update_permissions: } } delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: { "plan": { diff --git a/deployment/hasura/metadata/databases/tables/merlin/resource_type.yaml b/deployment/hasura/metadata/databases/tables/merlin/resource_type.yaml index 8bef0ee9a7..1c6326de79 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/resource_type.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/resource_type.yaml @@ -4,22 +4,22 @@ table: configuration: custom_name: "resource_type" select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/simulation/simulated_activity_view.yaml b/deployment/hasura/metadata/databases/tables/merlin/simulation/simulated_activity_view.yaml index e5611b604e..bf0bd9179e 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/simulation/simulated_activity_view.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/simulation/simulated_activity_view.yaml @@ -30,17 +30,17 @@ object_relationships: column_mapping: directive_id: id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation.yaml b/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation.yaml index 4b36dd8649..028f9215d9 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation.yaml @@ -26,32 +26,32 @@ array_relationships: name: simulation_dataset schema: merlin select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [simulation_template_id, arguments, simulation_start_time, simulation_end_time] filter: {} - - role: 2-user + - role: user permission: columns: [simulation_template_id, arguments, simulation_start_time, simulation_end_time] filter: {"plan":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}} # Insert/Delete are handled via Postgres Triggers delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_dataset.yaml b/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_dataset.yaml index f44b35027d..e45641a8c7 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_dataset.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_dataset.yaml @@ -35,35 +35,35 @@ array_relationships: name: constraint_request schema: merlin select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [requested_by, canceled] filter: {} - - role: 2-user + - role: user permission: columns: [canceled] filter: {"simulation":{"plan":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}}} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"simulation":{"plan":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}}} # Insert is handled via Aerie Merlin diff --git a/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_extent.yaml b/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_extent.yaml index 689de32539..8d1ac095d9 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_extent.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_extent.yaml @@ -4,22 +4,22 @@ table: configuration: custom_name: "simulation_extent" select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_template.yaml b/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_template.yaml index 734b90918b..635290e7f7 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_template.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/simulation/simulation_template.yaml @@ -8,47 +8,47 @@ object_relationships: using: foreign_key_constraint_on: model_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [model_id, description, arguments] check: {} set: owner: 'x-hasura-user-id' - - role: 2-user + - role: user permission: columns: [model_id, description, arguments] check: {} set: owner: 'x-hasura-user-id' update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [model_id, description, arguments, owner] filter: {} - - role: 2-user + - role: user permission: columns: [description, arguments, owner] filter: {"owner":{"_eq":"X-Hasura-User-Id"}} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"owner":{"_eq":"X-Hasura-User-Id"}} diff --git a/deployment/hasura/metadata/databases/tables/merlin/snapshot/plan_snapshot.yaml b/deployment/hasura/metadata/databases/tables/merlin/snapshot/plan_snapshot.yaml index 85834f4550..0f5f90eb1e 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/snapshot/plan_snapshot.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/snapshot/plan_snapshot.yaml @@ -23,33 +23,33 @@ array_relationships: name: plan_snapshot_tags schema: tags select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [description, taken_by] filter: {} - - role: 2-user + - role: user permission: columns: [description] filter: {"plan":{"_or":[ {"owner":{"_eq":"X-Hasura-User-Id"}}, {"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/snapshot/plan_snapshot_activities.yaml b/deployment/hasura/metadata/databases/tables/merlin/snapshot/plan_snapshot_activities.yaml index 61a7bf396d..cd33ee83d6 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/snapshot/plan_snapshot_activities.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/snapshot/plan_snapshot_activities.yaml @@ -18,22 +18,22 @@ array_relationships: name: snapshot_activity_tags schema: tags select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/snapshot/preset_to_snapshot_directive.yaml b/deployment/hasura/metadata/databases/tables/merlin/snapshot/preset_to_snapshot_directive.yaml index d1420f07be..fdad54a195 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/snapshot/preset_to_snapshot_directive.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/snapshot/preset_to_snapshot_directive.yaml @@ -13,22 +13,22 @@ object_relationships: using: foreign_key_constraint_on: preset_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/merlin/uploaded_file.yaml b/deployment/hasura/metadata/databases/tables/merlin/uploaded_file.yaml index a37ba3199d..12a675b2b4 100644 --- a/deployment/hasura/metadata/databases/tables/merlin/uploaded_file.yaml +++ b/deployment/hasura/metadata/databases/tables/merlin/uploaded_file.yaml @@ -4,22 +4,22 @@ table: configuration: custom_name: "uploaded_file" select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/migrations/applied_migrations_view.yaml b/deployment/hasura/metadata/databases/tables/migrations/applied_migrations_view.yaml index 1e862cf2ad..2ede6993f7 100644 --- a/deployment/hasura/metadata/databases/tables/migrations/applied_migrations_view.yaml +++ b/deployment/hasura/metadata/databases/tables/migrations/applied_migrations_view.yaml @@ -4,7 +4,7 @@ table: configuration: custom_name: "applied_migrations" select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/permissions/user_role_permission.yaml b/deployment/hasura/metadata/databases/tables/permissions/user_role_permission.yaml index ef7c5b2663..2d44b641bd 100644 --- a/deployment/hasura/metadata/databases/tables/permissions/user_role_permission.yaml +++ b/deployment/hasura/metadata/databases/tables/permissions/user_role_permission.yaml @@ -4,28 +4,28 @@ table: configuration: custom_name: "user_role_permission" select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [role, action_permissions, function_permissions] check: {} update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [action_permissions, function_permissions] filter: {} diff --git a/deployment/hasura/metadata/databases/tables/permissions/user_roles.yaml b/deployment/hasura/metadata/databases/tables/permissions/user_roles.yaml index 1de8863241..d7bcbdbfc9 100644 --- a/deployment/hasura/metadata/databases/tables/permissions/user_roles.yaml +++ b/deployment/hasura/metadata/databases/tables/permissions/user_roles.yaml @@ -5,33 +5,33 @@ configuration: custom_name: "user_roles" is_enum: true select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [role, description] check: {"role":{"_neq":"admin"}} update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [role, description] filter: {} check: {"role":{"_neq":"admin"}} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/permissions/users_allowed_roles.yaml b/deployment/hasura/metadata/databases/tables/permissions/users_allowed_roles.yaml index 4c6416dd9d..8d983b8b34 100644 --- a/deployment/hasura/metadata/databases/tables/permissions/users_allowed_roles.yaml +++ b/deployment/hasura/metadata/databases/tables/permissions/users_allowed_roles.yaml @@ -4,32 +4,32 @@ table: configuration: custom_name: "users_allowed_roles" select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {"username":{"_eq":"X-Hasura-User-Id"}} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {"username":{"_eq":"X-Hasura-User-Id"}} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [username, allowed_role] check: {} update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [username, allowed_role] filter: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/permissions/users_and_roles_view.yaml b/deployment/hasura/metadata/databases/tables/permissions/users_and_roles_view.yaml index 2f4ce941fd..f586c33fb9 100644 --- a/deployment/hasura/metadata/databases/tables/permissions/users_and_roles_view.yaml +++ b/deployment/hasura/metadata/databases/tables/permissions/users_and_roles_view.yaml @@ -4,17 +4,17 @@ table: configuration: custom_name: "users_and_roles" select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {"username":{"_eq":"X-Hasura-User-Id"}} allow_aggregations: false - - role: 3-user + - role: viewer permission: columns: '*' filter: { "username": { "_eq": "X-Hasura-User-Id" } } diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_condition_definition.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_condition_definition.yaml index d16552c42a..de59117702 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_condition_definition.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_condition_definition.yaml @@ -36,45 +36,45 @@ array_relationships: name: scheduling_specification_conditions schema: scheduler select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' # This should have filtering based on privacy, but cross-database permissions restrictions prevent that filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [condition_id, definition] check: {} set: author: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [condition_id, definition] check: {"_or":[{"metadata":{"public":{"_eq":true}}},{"metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}}]} set: author: "x-hasura-user-id" update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [definition, author] filter: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"_or":[ diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_condition_metadata.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_condition_metadata.yaml index e7e0ddaff6..ed57446b04 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_condition_metadata.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_condition_metadata.yaml @@ -33,31 +33,31 @@ array_relationships: name: scheduling_specification_conditions schema: scheduler select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' # This should have filtering based on privacy, but cross-database permissions restrictions prevent that filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [name, description, public] check: {} set: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [name, description, public] check: {} @@ -65,22 +65,22 @@ insert_permissions: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [name, description, public, owner] filter: {} set: updated_by: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [name, description, public, owner] filter: { "owner": { "_eq": "X-Hasura-User-Id" } } set: updated_by: "x-hasura-user-id" delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: { "owner": { "_eq": "X-Hasura-User-Id" } } diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_goal_definition.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_goal_definition.yaml index 8e9462dffb..882da9524a 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_goal_definition.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_goal_definition.yaml @@ -48,45 +48,45 @@ array_relationships: name: scheduling_specification_goals schema: scheduler select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' # This should have filtering based on privacy, but cross-database permissions restrictions prevent that filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [goal_id, definition, type, uploaded_jar_id, parameter_schema] check: {} set: author: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [goal_id, definition, type, uploaded_jar_id, parameter_schema] check: {"_or":[{"metadata":{"public":{"_eq":true}}},{"metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}}]} set: author: "x-hasura-user-id" update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [definition, author] filter: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"_or":[ diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_goal_metadata.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_goal_metadata.yaml index 9e700e136d..72c843b18e 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_goal_metadata.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_goal_metadata.yaml @@ -41,31 +41,31 @@ array_relationships: name: scheduling_specification_goals schema: scheduler select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' # This should have filtering based on privacy, but cross-database permissions restrictions prevent that filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [name, description, public] check: {} set: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [name, description, public] check: {} @@ -73,22 +73,22 @@ insert_permissions: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [name, description, public, owner] filter: {} set: updated_by: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [name, description, public, owner] filter: { "owner": { "_eq": "X-Hasura-User-Id" } } set: updated_by: "x-hasura-user-id" delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: { "owner": { "_eq": "X-Hasura-User-Id" } } diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis.yaml index a3d0ad92f8..5642b0dc8f 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis.yaml @@ -31,27 +31,27 @@ array_relationships: name: scheduling_goal_analysis_satisfying_activities schema: scheduler select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [satisfied] filter: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis_created_activities.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis_created_activities.yaml index 8aa1e71443..1a6c3605b2 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis_created_activities.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis_created_activities.yaml @@ -13,21 +13,21 @@ object_relationships: - goal_invocation_id - analysis_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis_satisfying_activities.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis_satisfying_activities.yaml index d530c6c541..7c5640a1b8 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis_satisfying_activities.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_goal_analysis_satisfying_activities.yaml @@ -13,21 +13,21 @@ object_relationships: - goal_invocation_id - analysis_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_request.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_request.yaml index 33c6041d04..e119d75b0e 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_request.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_run/scheduling_request.yaml @@ -38,35 +38,35 @@ array_relationships: name: simulation_dataset schema: merlin select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true # Inserting/Updating is handled via the AerieScheduler update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [requested_by, canceled] filter: {} - - role: 2-user + - role: user permission: columns: [canceled] filter: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_model_specification_conditions.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_model_specification_conditions.yaml index 1b6686972d..d509dfd8f0 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_model_specification_conditions.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_model_specification_conditions.yaml @@ -16,44 +16,44 @@ object_relationships: using: foreign_key_constraint_on: model_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true # TODO: Modify these once we have a solution for cross-db auth (These permissions should be based on model ownership) insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [model_id, condition_id, condition_revision] check: {} - - role: 2-user + - role: user permission: columns: [model_id, condition_id, condition_revision] check: {} update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [condition_revision] filter: {} - - role: 2-user + - role: user permission: columns: [condition_revision] filter: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_model_specification_goals.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_model_specification_goals.yaml index 514c06c14d..69e3cb8859 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_model_specification_goals.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_model_specification_goals.yaml @@ -16,44 +16,44 @@ object_relationships: using: foreign_key_constraint_on: model_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true # TODO: Modify these once we have a solution for cross-db auth (These permissions should be based on model ownership) insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [model_id, goal_id, goal_revision, priority, arguments] check: {} - - role: 2-user + - role: user permission: columns: [model_id, goal_id, goal_revision, priority, arguments] check: {} update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [goal_revision, priority, arguments] filter: {} - - role: 2-user + - role: user permission: columns: [goal_revision, priority, arguments] filter: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification.yaml index fd707cd746..d9936c75aa 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification.yaml @@ -30,44 +30,44 @@ array_relationships: name: scheduling_request schema: scheduler select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true # TODO: Modify these once we have a solution for cross-db auth (These permissions should be based on plan ownership/collaboratorship) insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [plan_id, plan_revision, horizon_start, horizon_end, simulation_arguments, analysis_only] check: {} - - role: 2-user + - role: user permission: columns: [plan_id, plan_revision, horizon_start, horizon_end, simulation_arguments, analysis_only] check: {} update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [plan_id, plan_revision, horizon_start, horizon_end, simulation_arguments, analysis_only] filter: {} - - role: 2-user + - role: user permission: columns: [plan_revision, horizon_start, horizon_end, simulation_arguments, analysis_only] filter: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification_conditions.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification_conditions.yaml index 599635e2ff..fa3a24863b 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification_conditions.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification_conditions.yaml @@ -16,44 +16,44 @@ object_relationships: using: foreign_key_constraint_on: specification_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true # TODO: Modify these once we have a solution for cross-db auth (These permissions should be based on plan ownership/collaboratorship) insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [specification_id, condition_id, condition_revision, enabled] check: {} - - role: 2-user + - role: user permission: columns: [specification_id, condition_id, condition_revision, enabled] check: {} update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [condition_revision, enabled] filter: {} - - role: 2-user + - role: user permission: columns: [condition_revision, enabled] filter: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification_goals.yaml b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification_goals.yaml index 46b03184ae..a18ae58fd4 100644 --- a/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification_goals.yaml +++ b/deployment/hasura/metadata/databases/tables/scheduler/scheduling_specification/scheduling_specification_goals.yaml @@ -16,44 +16,44 @@ object_relationships: using: foreign_key_constraint_on: specification_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true # TODO: Modify these once we have a solution for cross-db auth (These permissions should be based on plan ownership/collaboratorship) insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [specification_id, goal_id, goal_revision, priority, enabled, simulate_after, arguments, goal_invocation_id] check: {} - - role: 2-user + - role: user permission: columns: [specification_id, goal_id, goal_revision, priority, enabled, simulate_after, arguments, goal_invocation_id] check: {} update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [goal_revision, priority, enabled, simulate_after, arguments] filter: {} - - role: 2-user + - role: user permission: columns: [goal_revision, priority, enabled, simulate_after, arguments] filter: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/activity_instance_commands.yaml b/deployment/hasura/metadata/databases/tables/sequencing/activity_instance_commands.yaml index 66af0947d2..4f393e17dc 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/activity_instance_commands.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/activity_instance_commands.yaml @@ -16,22 +16,22 @@ object_relationships: name: span schema: merlin select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/channel_dictionary.yaml b/deployment/hasura/metadata/databases/tables/sequencing/channel_dictionary.yaml index 371c6daedd..316cdcdabf 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/channel_dictionary.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/channel_dictionary.yaml @@ -4,27 +4,27 @@ table: configuration: custom_name: "channel_dictionary" insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: "*" check: { } select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: "*" filter: { } allow_aggregations: true - - role: 2-user + - role: user permission: columns: "*" filter: { } allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: "*" filter: { } allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: { } diff --git a/deployment/hasura/metadata/databases/tables/sequencing/command_dictionary.yaml b/deployment/hasura/metadata/databases/tables/sequencing/command_dictionary.yaml index f5dc4117f6..f0298d6f53 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/command_dictionary.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/command_dictionary.yaml @@ -4,22 +4,22 @@ table: configuration: custom_name: "command_dictionary" select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: "*" filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: "*" filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: "*" filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/expanded_sequences.yaml b/deployment/hasura/metadata/databases/tables/sequencing/expanded_sequences.yaml index afc33e3004..1baed0eab7 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/expanded_sequences.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/expanded_sequences.yaml @@ -13,22 +13,22 @@ object_relationships: - seq_id - simulation_dataset_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/expanded_templates.yaml b/deployment/hasura/metadata/databases/tables/sequencing/expanded_templates.yaml index bd36f5b9df..efb0652a3c 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/expanded_templates.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/expanded_templates.yaml @@ -14,22 +14,22 @@ object_relationships: foreign_key_constraint_on: - simulation_dataset_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/expansion_rule.yaml b/deployment/hasura/metadata/databases/tables/sequencing/expansion_rule.yaml index b8523cf005..d5ed8a0961 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/expansion_rule.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/expansion_rule.yaml @@ -21,30 +21,30 @@ array_relationships: name: expansion_rule_tags schema: tags select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [name, activity_type, expansion_logic, parcel_id, authoring_mission_model_id, description] check: {} set: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [name, activity_type, expansion_logic, parcel_id, authoring_mission_model_id, description] check: {} @@ -52,23 +52,23 @@ insert_permissions: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [name, activity_type, expansion_logic, parcel_id, authoring_mission_model_id, description, owner] filter: {} set: updated_by: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [name, expansion_logic, description, owner] filter: {"owner":{"_eq":"x-hasura-user-id"}} set: updated_by: "x-hasura-user-id" delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"owner":{"_eq":"x-hasura-user-id"}} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/expansion_run.yaml b/deployment/hasura/metadata/databases/tables/sequencing/expansion_run.yaml index 63b227eae6..3070f9495c 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/expansion_run.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/expansion_run.yaml @@ -26,25 +26,25 @@ array_relationships: name: expanded_sequences schema: sequencing select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/expansion_set.yaml b/deployment/hasura/metadata/databases/tables/sequencing/expansion_set.yaml index b7fc8952e2..ab6b693346 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/expansion_set.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/expansion_set.yaml @@ -28,38 +28,38 @@ array_relationships: column_mapping: id: set_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [name, description, parcel_id, mission_model_id, owner] filter: {} set: updated_by: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [name, description, owner] filter: {} # Restrict to owner when sequencing fills that column set: updated_by: "x-hasura-user-id" delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {} # Restrict to owner when sequencing fills that column diff --git a/deployment/hasura/metadata/databases/tables/sequencing/expansion_set_rule_view.yaml b/deployment/hasura/metadata/databases/tables/sequencing/expansion_set_rule_view.yaml index b085d6995b..9c7ebcb46d 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/expansion_set_rule_view.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/expansion_set_rule_view.yaml @@ -14,17 +14,17 @@ array_relationships: column_mapping: set_id: id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/expansion_set_to_rule.yaml b/deployment/hasura/metadata/databases/tables/sequencing/expansion_set_to_rule.yaml index 7da86cf29f..56e257e8b3 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/expansion_set_to_rule.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/expansion_set_to_rule.yaml @@ -17,17 +17,17 @@ array_relationships: name: expansion_rule schema: sequencing select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/parameter_dictionary.yaml b/deployment/hasura/metadata/databases/tables/sequencing/parameter_dictionary.yaml index 3d9d89571d..d236261d1f 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/parameter_dictionary.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/parameter_dictionary.yaml @@ -4,27 +4,27 @@ table: configuration: custom_name: "parameter_dictionary" insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: "*" check: {} select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: "*" filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: "*" filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: "*" filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/parcel.yaml b/deployment/hasura/metadata/databases/tables/sequencing/parcel.yaml index 3e0321c40d..d22285b1a7 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/parcel.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/parcel.yaml @@ -29,23 +29,23 @@ array_relationships: name: expansion_set schema: sequencing select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: "*" filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: "*" filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: "*" filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: "*" check: {} @@ -53,13 +53,13 @@ insert_permissions: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [channel_dictionary_id, command_dictionary_id, name, sequence_adaptation_id, owner] filter: {} set: updated_by: "x-hasura-user-id" delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/parcel_to_parameter_dictionary.yaml b/deployment/hasura/metadata/databases/tables/sequencing/parcel_to_parameter_dictionary.yaml index 5d96fc4fc3..2f5317118e 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/parcel_to_parameter_dictionary.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/parcel_to_parameter_dictionary.yaml @@ -11,27 +11,27 @@ object_relationships: using: foreign_key_constraint_on: parameter_dictionary_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: "*" filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: "*" filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: "*" filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: "*" check: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/rule_expansion_set_view.yaml b/deployment/hasura/metadata/databases/tables/sequencing/rule_expansion_set_view.yaml index dbf663a280..13bd1efbf3 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/rule_expansion_set_view.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/rule_expansion_set_view.yaml @@ -14,17 +14,17 @@ array_relationships: column_mapping: rule_id: id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/sequence.yaml b/deployment/hasura/metadata/databases/tables/sequencing/sequence.yaml index 6899d5d54c..ecbda13a14 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/sequence.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/sequence.yaml @@ -18,39 +18,39 @@ array_relationships: name: sequence_to_simulated_activity schema: sequencing select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [seq_id, simulation_dataset_id, created_at, metadata] check: {} - - role: 2-user + - role: user permission: columns: [seq_id, simulation_dataset_id, created_at, metadata] check: {} update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [metadata] filter: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/sequence_adaptation.yaml b/deployment/hasura/metadata/databases/tables/sequencing/sequence_adaptation.yaml index de04ea4d07..be4d29f1c0 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/sequence_adaptation.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/sequence_adaptation.yaml @@ -4,23 +4,23 @@ table: configuration: custom_name: "sequence_adaptation" select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: "*" filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: "*" filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: "*" filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [adaptation, name] check: {} @@ -28,13 +28,13 @@ insert_permissions: owner: "x-hasura-user-id" updated_by: "x-hasura-user-id" update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [adaptation, name, owner] filter: {} set: updated_by: "x-hasura-user-id" delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/sequence_filter.yaml b/deployment/hasura/metadata/databases/tables/sequencing/sequence_filter.yaml index ceba637a6f..68161d1a8f 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/sequence_filter.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/sequence_filter.yaml @@ -8,39 +8,39 @@ object_relationships: using: foreign_key_constraint_on: model_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [filter, model_id, name] check: {} - - role: 2-user + - role: user permission: columns: [filter, model_id, name] check: {} update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [filter, name] filter: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/sequence_template.yaml b/deployment/hasura/metadata/databases/tables/sequencing/sequence_template.yaml index 5aa6dd28bf..2c61acef33 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/sequence_template.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/sequence_template.yaml @@ -4,47 +4,47 @@ table: configuration: custom_name: "sequence_template" select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [name, model_id, parcel_id, template_definition, activity_type, language, owner] check: {} set: owner: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [name, model_id, parcel_id, template_definition, activity_type, language, owner] check: {} set: owner: "x-hasura-user-id" update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [name, model_id, parcel_id, template_definition, activity_type, language, owner] filter: {} - - role: 2-user + - role: user permission: columns: [name, model_id, parcel_id, template_definition, activity_type, language, owner] filter: {"owner":{"_eq":"x-hasura-user-id"}} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"owner":{"_eq":"x-hasura-user-id"}} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/sequence_to_simulated_activity.yaml b/deployment/hasura/metadata/databases/tables/sequencing/sequence_to_simulated_activity.yaml index 9e336c272d..9d2296aa07 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/sequence_to_simulated_activity.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/sequence_to_simulated_activity.yaml @@ -17,43 +17,43 @@ object_relationships: name: simulated_activity schema: merlin select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [simulated_activity_id, simulation_dataset_id, seq_id] check: {} - - role: 2-user + - role: user permission: columns: [simulated_activity_id, simulation_dataset_id, seq_id] check: {} update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [simulated_activity_id, simulation_dataset_id, seq_id] filter: {} - - role: 2-user + - role: user permission: columns: [simulated_activity_id, simulation_dataset_id, seq_id] filter: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/sequencing/workspace.yaml b/deployment/hasura/metadata/databases/tables/sequencing/workspace.yaml index e599d90199..26ee11b3e7 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/workspace.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/workspace.yaml @@ -23,29 +23,29 @@ array_relationships: name: action_definition schema: actions select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [name, owner, parcel_id] filter: {} set: updated_by: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [name, owner, parcel_id] filter: { "owner": { "_eq": "x-hasura-user-id" } } diff --git a/deployment/hasura/metadata/databases/tables/sequencing/workspace_collaborators.yaml b/deployment/hasura/metadata/databases/tables/sequencing/workspace_collaborators.yaml index 48f98fc6a9..321367cba2 100644 --- a/deployment/hasura/metadata/databases/tables/sequencing/workspace_collaborators.yaml +++ b/deployment/hasura/metadata/databases/tables/sequencing/workspace_collaborators.yaml @@ -8,34 +8,34 @@ object_relationships: using: foreign_key_constraint_on: workspace_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [workspace_id, collaborator] check: {} - - role: 2-user + - role: user permission: columns: [workspace_id, collaborator] check: {"workspace":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"workspace":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}} diff --git a/deployment/hasura/metadata/databases/tables/tags/activity_directive_tags.yaml b/deployment/hasura/metadata/databases/tables/tags/activity_directive_tags.yaml index cdc6ac33d0..c506e2bd50 100644 --- a/deployment/hasura/metadata/databases/tables/tags/activity_directive_tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/activity_directive_tags.yaml @@ -11,34 +11,34 @@ object_relationships: using: foreign_key_constraint_on: tag_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [plan_id, directive_id, tag_id] check: {} - - role: 2-user + - role: user permission: columns: [plan_id, directive_id, tag_id] check: {"activity_directive": {"plan":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}}} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"activity_directive": {"plan":{"_or":[{"owner":{"_eq":"X-Hasura-User-Id"}},{"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}}} diff --git a/deployment/hasura/metadata/databases/tables/tags/constraint_definition_tags.yaml b/deployment/hasura/metadata/databases/tables/tags/constraint_definition_tags.yaml index bd5311f9bd..291fe991a7 100644 --- a/deployment/hasura/metadata/databases/tables/tags/constraint_definition_tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/constraint_definition_tags.yaml @@ -13,37 +13,37 @@ object_relationships: using: foreign_key_constraint_on: tag_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [constraint_id, constraint_revision, tag_id] check: {} - - role: 2-user + - role: user permission: columns: [constraint_id, constraint_revision, tag_id] check: {"constraint_definition":{"_or":[ {"author":{"_eq":"X-Hasura-User-Id"}}, {"metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}}]}} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"constraint_definition":{"_or":[ {"author":{"_eq":"X-Hasura-User-Id"}}, diff --git a/deployment/hasura/metadata/databases/tables/tags/constraint_tags.yaml b/deployment/hasura/metadata/databases/tables/tags/constraint_tags.yaml index e7929da7e2..933d735e11 100644 --- a/deployment/hasura/metadata/databases/tables/tags/constraint_tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/constraint_tags.yaml @@ -11,34 +11,34 @@ object_relationships: using: foreign_key_constraint_on: tag_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [constraint_id, tag_id] check: {} - - role: 2-user + - role: user permission: columns: [constraint_id, tag_id] check: {"constraint_metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"constraint_metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}} diff --git a/deployment/hasura/metadata/databases/tables/tags/expansion_rule_tags.yaml b/deployment/hasura/metadata/databases/tables/tags/expansion_rule_tags.yaml index 9654d4adb4..5de9ea4251 100644 --- a/deployment/hasura/metadata/databases/tables/tags/expansion_rule_tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/expansion_rule_tags.yaml @@ -11,34 +11,34 @@ object_relationships: using: foreign_key_constraint_on: tag_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [rule_id, tag_id] check: {} - - role: 2-user + - role: user permission: columns: [rule_id, tag_id] check: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/tags/plan_snapshot_tags.yaml b/deployment/hasura/metadata/databases/tables/tags/plan_snapshot_tags.yaml index 6b23b1081c..2db49da21c 100644 --- a/deployment/hasura/metadata/databases/tables/tags/plan_snapshot_tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/plan_snapshot_tags.yaml @@ -11,37 +11,37 @@ object_relationships: using: foreign_key_constraint_on: tag_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [snapshot_id, tag_id] check: {} - - role: 2-user + - role: user permission: columns: [snapshot_id, tag_id] check: {"plan_snapshot":{"plan":{"_or":[ {"owner":{"_eq":"X-Hasura-User-Id"}}, {"collaborators":{"collaborator":{"_eq":"X-Hasura-User-Id"}}}]}}} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"plan_snapshot":{"plan":{"_or":[ {"owner":{"_eq":"X-Hasura-User-Id"}}, diff --git a/deployment/hasura/metadata/databases/tables/tags/plan_tags.yaml b/deployment/hasura/metadata/databases/tables/tags/plan_tags.yaml index 2d9beb1290..c9ab4b62ce 100644 --- a/deployment/hasura/metadata/databases/tables/tags/plan_tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/plan_tags.yaml @@ -11,34 +11,34 @@ object_relationships: using: foreign_key_constraint_on: tag_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [plan_id, tag_id] check: {} - - role: 2-user + - role: user permission: columns: [plan_id, tag_id] check: {"plan": {"owner":{"_eq":"X-Hasura-User-Id"}}} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"plan": {"owner":{"_eq":"X-Hasura-User-Id"}}} diff --git a/deployment/hasura/metadata/databases/tables/tags/scheduling_condition_definition_tags.yaml b/deployment/hasura/metadata/databases/tables/tags/scheduling_condition_definition_tags.yaml index 6156512e34..6e49a2efbe 100644 --- a/deployment/hasura/metadata/databases/tables/tags/scheduling_condition_definition_tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/scheduling_condition_definition_tags.yaml @@ -13,37 +13,37 @@ object_relationships: using: foreign_key_constraint_on: tag_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [condition_id, condition_revision, tag_id] check: {} - - role: 2-user + - role: user permission: columns: [condition_id, condition_revision, tag_id] check: {"condition_definition":{"_or":[ {"author":{"_eq":"X-Hasura-User-Id"}}, {"metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}}]}} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"condition_definition":{"_or":[ {"author":{"_eq":"X-Hasura-User-Id"}}, diff --git a/deployment/hasura/metadata/databases/tables/tags/scheduling_condition_tags.yaml b/deployment/hasura/metadata/databases/tables/tags/scheduling_condition_tags.yaml index b63764fc75..de03b68035 100644 --- a/deployment/hasura/metadata/databases/tables/tags/scheduling_condition_tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/scheduling_condition_tags.yaml @@ -11,34 +11,34 @@ object_relationships: using: foreign_key_constraint_on: tag_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [condition_id, tag_id] check: {} - - role: 2-user + - role: user permission: columns: [condition_id, tag_id] check: {"condition_metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"condition_metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}} diff --git a/deployment/hasura/metadata/databases/tables/tags/scheduling_goal_definition_tags.yaml b/deployment/hasura/metadata/databases/tables/tags/scheduling_goal_definition_tags.yaml index 7bcedaccac..1e0cd51906 100644 --- a/deployment/hasura/metadata/databases/tables/tags/scheduling_goal_definition_tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/scheduling_goal_definition_tags.yaml @@ -13,37 +13,37 @@ object_relationships: using: foreign_key_constraint_on: tag_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [goal_id, goal_revision, tag_id] check: {} - - role: 2-user + - role: user permission: columns: [goal_id, goal_revision, tag_id] check: {"goal_definition":{"_or":[ {"author":{"_eq":"X-Hasura-User-Id"}}, {"metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}}]}} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"goal_definition":{"_or":[ {"author":{"_eq":"X-Hasura-User-Id"}}, diff --git a/deployment/hasura/metadata/databases/tables/tags/scheduling_goal_tags.yaml b/deployment/hasura/metadata/databases/tables/tags/scheduling_goal_tags.yaml index 723dc0c1d8..000d8d8202 100644 --- a/deployment/hasura/metadata/databases/tables/tags/scheduling_goal_tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/scheduling_goal_tags.yaml @@ -11,34 +11,34 @@ object_relationships: using: foreign_key_constraint_on: tag_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [goal_id, tag_id] check: {} - - role: 2-user + - role: user permission: columns: [goal_id, tag_id] check: {"goal_metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"goal_metadata":{"owner":{"_eq":"X-Hasura-User-Id"}}} diff --git a/deployment/hasura/metadata/databases/tables/tags/snapshot_activity_tags.yaml b/deployment/hasura/metadata/databases/tables/tags/snapshot_activity_tags.yaml index 86c89d6d18..29a331e901 100644 --- a/deployment/hasura/metadata/databases/tables/tags/snapshot_activity_tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/snapshot_activity_tags.yaml @@ -11,22 +11,22 @@ object_relationships: using: foreign_key_constraint_on: tag_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/tags/tags.yaml b/deployment/hasura/metadata/databases/tables/tags/tags.yaml index d6d7296b80..a37bf51012 100644 --- a/deployment/hasura/metadata/databases/tables/tags/tags.yaml +++ b/deployment/hasura/metadata/databases/tables/tags/tags.yaml @@ -4,47 +4,47 @@ table: configuration: custom_name: "tags" select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [name, color] check: {} set: owner: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [name, color] check: {} set: owner: "x-hasura-user-id" update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [name, color, owner] filter: {} - - role: 2-user + - role: user permission: columns: [name, color, owner] filter: {"owner":{"_eq":"X-Hasura-User-Id"}} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"owner":{"_eq":"X-Hasura-User-Id"}} diff --git a/deployment/hasura/metadata/databases/tables/ui/extension_roles.yaml b/deployment/hasura/metadata/databases/tables/ui/extension_roles.yaml index bae3c7ff4b..cd85072e13 100644 --- a/deployment/hasura/metadata/databases/tables/ui/extension_roles.yaml +++ b/deployment/hasura/metadata/databases/tables/ui/extension_roles.yaml @@ -8,32 +8,32 @@ object_relationships: using: foreign_key_constraint_on: extension_id select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [extension_id, role] check: {} update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [role] filter: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/ui/extensions.yaml b/deployment/hasura/metadata/databases/tables/ui/extensions.yaml index 4d8fbae6e5..d376ac71d0 100644 --- a/deployment/hasura/metadata/databases/tables/ui/extensions.yaml +++ b/deployment/hasura/metadata/databases/tables/ui/extensions.yaml @@ -12,34 +12,34 @@ array_relationships: name: extension_roles schema: ui select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [description, label, url] check: {} set: owner: "x-hasura-user-id" update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [description, label, owner, url] filter: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/ui/file_extension_content_type.yaml b/deployment/hasura/metadata/databases/tables/ui/file_extension_content_type.yaml index ac48047910..36cd5ce748 100644 --- a/deployment/hasura/metadata/databases/tables/ui/file_extension_content_type.yaml +++ b/deployment/hasura/metadata/databases/tables/ui/file_extension_content_type.yaml @@ -4,32 +4,32 @@ table: configuration: custom_name: "file_extension_content_type" select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [file_extension, content_type] check: {} update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [content_type] filter: {} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/deployment/hasura/metadata/databases/tables/ui/view.yaml b/deployment/hasura/metadata/databases/tables/ui/view.yaml index 3710ae9e54..162c6f86ee 100644 --- a/deployment/hasura/metadata/databases/tables/ui/view.yaml +++ b/deployment/hasura/metadata/databases/tables/ui/view.yaml @@ -4,47 +4,47 @@ table: configuration: custom_name: "view" select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: '*' filter: {} allow_aggregations: true - - role: 3-user + - role: viewer permission: columns: '*' filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [definition, name] check: {} set: owner: "x-hasura-user-id" - - role: 2-user + - role: user permission: columns: [definition, name] check: {} set: owner: "x-hasura-user-id" update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [definition, name, owner] filter: {} - - role: 2-user + - role: user permission: columns: [definition, name, owner] filter: {"owner":{"_eq":"x-hasura-user-id"}} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} - - role: 2-user + - role: user permission: filter: {"owner":{"_eq":"x-hasura-user-id"}} diff --git a/deployment/hasura/migrations/Aerie/23_plan_model_migration/down.sql b/deployment/hasura/migrations/Aerie/23_plan_model_migration/down.sql index 5f8d04b87e..7768ac22a2 100644 --- a/deployment/hasura/migrations/Aerie/23_plan_model_migration/down.sql +++ b/deployment/hasura/migrations/Aerie/23_plan_model_migration/down.sql @@ -31,8 +31,8 @@ declare _function_permission permissions.permission; begin _role := permissions.get_role(hasura_session); - -- The 1-aerie_admin role is always treated as having NO_CHECK permissions on all functions. - if _role = '1-aerie_admin' then return 'NO_CHECK'; end if; + -- The aerie_admin role is always treated as having NO_CHECK permissions on all functions. + if _role = 'aerie_admin' then return 'NO_CHECK'; end if; select (function_permissions ->> _function::text)::permissions.permission from permissions.user_role_permission urp diff --git a/deployment/postgres-init-db/sql/default_user_roles.sql b/deployment/postgres-init-db/sql/default_user_roles.sql index 5002f28944..f6a6defb97 100644 --- a/deployment/postgres-init-db/sql/default_user_roles.sql +++ b/deployment/postgres-init-db/sql/default_user_roles.sql @@ -1,12 +1,12 @@ -- Default Roles: -insert into permissions.user_roles(role) values ('1-aerie_admin'), ('2-user'), ('3-viewer'); +insert into permissions.user_roles(role) values ('aerie_admin'), ('user'), ('viewer'); -- Permissions For Default Roles: --- '1-aerie_admin' permissions aren't specified since '1-aerie_admin' is always considered to have "NO_CHECK" permissions +-- 'aerie_admin' permissions aren't specified since 'aerie_admin' is always considered to have "NO_CHECK" permissions update permissions.user_role_permission set action_permissions = '{}', function_permissions = '{}' -where role = '1-aerie_admin'; +where role = 'aerie_admin'; update permissions.user_role_permission set action_permissions = '{ @@ -47,7 +47,7 @@ set action_permissions = '{ "set_resolution_bulk": "PLAN_OWNER_TARGET", "withdraw_merge_rq": "PLAN_OWNER_SOURCE" }' -where role = '2-user'; +where role = 'user'; update permissions.user_role_permission set action_permissions = '{ @@ -59,9 +59,9 @@ set action_permissions = '{ "get_non_conflicting_activities": "NO_CHECK", "get_plan_history": "NO_CHECK" }' -where role = '3-viewer'; +where role = 'viewer'; -- Default Users: insert into permissions.users(username, default_role) - values ('Mission Model', '3-viewer'), - ('Aerie Legacy', '3-viewer'); + values ('Mission Model', 'viewer'), + ('Aerie Legacy', 'viewer'); diff --git a/deployment/postgres-init-db/sql/functions/permissions/get_function_permissions.sql b/deployment/postgres-init-db/sql/functions/permissions/get_function_permissions.sql index 27f4aad2d8..c48203a418 100644 --- a/deployment/postgres-init-db/sql/functions/permissions/get_function_permissions.sql +++ b/deployment/postgres-init-db/sql/functions/permissions/get_function_permissions.sql @@ -7,8 +7,8 @@ declare _function_permission permissions.permission; begin _role := permissions.get_role(hasura_session); - -- The 1-aerie_admin role is always treated as having NO_CHECK permissions on all functions. - if _role = '1-aerie_admin' then return 'NO_CHECK'; end if; + -- The aerie_admin role is always treated as having NO_CHECK permissions on all functions. + if _role = 'aerie_admin' then return 'NO_CHECK'; end if; select (function_permissions ->> _function::text)::permissions.permission from permissions.user_role_permission urp diff --git a/permissions/src/main/java/gov/nasa/jpl/aerie/permissions/PermissionsService.java b/permissions/src/main/java/gov/nasa/jpl/aerie/permissions/PermissionsService.java index 6fc73c925c..33047a6b2e 100644 --- a/permissions/src/main/java/gov/nasa/jpl/aerie/permissions/PermissionsService.java +++ b/permissions/src/main/java/gov/nasa/jpl/aerie/permissions/PermissionsService.java @@ -38,7 +38,7 @@ public void check( private PermissionType getActionPermission(final Action action, final String role) throws Unauthorized, IOException, PermissionsServiceException { - if (role.equals("1-aerie_admin")) { + if (role.equals("aerie_admin")) { return PermissionType.NO_CHECK; } return gqlService.getActionPermission(action, role); From 60e5f1b03a1d5b8293ff82bde85c28a68bfef6da Mon Sep 17 00:00:00 2001 From: psubram3 Date: Fri, 29 Aug 2025 09:36:49 -0700 Subject: [PATCH 5/7] undo prefixes to roles --- .../databases/tables/permissions/users.yaml | 20 +++++++++---------- e2e-tests/oauth/realm-export.json | 6 +++--- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/deployment/hasura/metadata/databases/tables/permissions/users.yaml b/deployment/hasura/metadata/databases/tables/permissions/users.yaml index 7ffe7d04b7..275858eaff 100644 --- a/deployment/hasura/metadata/databases/tables/permissions/users.yaml +++ b/deployment/hasura/metadata/databases/tables/permissions/users.yaml @@ -4,48 +4,48 @@ table: configuration: custom_name: "users" select_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: '*' filter: {} allow_aggregations: true - - role: 2-user + - role: user permission: columns: [username] filter: {} allow_aggregations: true - - role: 3-viewer + - role: viewer permission: columns: [username] filter: {} allow_aggregations: true insert_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [username, default_role] check: {} - - role: 2-user + - role: user permission: columns: [username, default_role] check: {"username":{"_eq":"X-Hasura-User-Id"}} - - role: 3-viewer + - role: viewer permission: columns: [username, default_role] check: {"username":{"_eq":"X-Hasura-User-Id"}} update_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: columns: [username, default_role] filter: {} - - role: 2-user + - role: user permission: columns: [username, default_role] filter: {"username":{"_eq":"X-Hasura-User-Id"}} - - role: 3-viewer + - role: viewer permission: columns: [username, default_role] filter: {"username":{"_eq":"X-Hasura-User-Id"}} delete_permissions: - - role: 1-aerie_admin + - role: aerie_admin permission: filter: {} diff --git a/e2e-tests/oauth/realm-export.json b/e2e-tests/oauth/realm-export.json index b67b47c607..0633a31577 100644 --- a/e2e-tests/oauth/realm-export.json +++ b/e2e-tests/oauth/realm-export.json @@ -89,7 +89,7 @@ } ], "clientRoles": { - "aerie": ["3-viewer", "2-user", "1-aerie_admin"] + "aerie": ["viewer", "user", "aerie_admin"] } }, { @@ -106,7 +106,7 @@ } ], "clientRoles": { - "aerie": ["3-viewer", "2-user"] + "aerie": ["viewer", "user"] } }, { @@ -123,7 +123,7 @@ } ], "clientRoles": { - "aerie": ["3-viewer"] + "aerie": ["viewer"] } } ] From a38ea53da38bc4daffdc734b7aa9c5dab9a739f7 Mon Sep 17 00:00:00 2001 From: AaronPlave Date: Thu, 12 Feb 2026 16:27:30 -0800 Subject: [PATCH 6/7] Tweak realm-export --- e2e-tests/oauth/realm-export.json | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/e2e-tests/oauth/realm-export.json b/e2e-tests/oauth/realm-export.json index 0633a31577..600316b8b9 100644 --- a/e2e-tests/oauth/realm-export.json +++ b/e2e-tests/oauth/realm-export.json @@ -2,7 +2,17 @@ "id": "aerie-dev", "realm": "aerie-dev", "enabled": "true", + "sslRequired": "none", "defaultSignatureAlgorithm": "RS256", + "roles": { + "client": { + "aerie": [ + { "name": "viewer", "clientRole": true }, + { "name": "user", "clientRole": true }, + { "name": "aerie_admin", "clientRole": true } + ] + } + }, "clients": [ { "id": "aerie", @@ -46,7 +56,7 @@ "config": { "introspection.token.claim": "true", "userinfo.token.claim": "true", - "user.attribute": "id", + "user.attribute": "username", "id.token.claim": "true", "lightweight.claim": "false", "access.token.claim": "true", From 11602af8539e2a760aa6bc60009de6d306a363eb Mon Sep 17 00:00:00 2001 From: AaronPlave Date: Thu, 12 Feb 2026 16:27:37 -0800 Subject: [PATCH 7/7] Fix compose --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index fe331aa928..02afd2cd00 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -45,7 +45,7 @@ services: GATEWAY_DB_PASSWORD: "${GATEWAY_PASSWORD}" # image: "aerie-gateway:no-auth-1" build: - context: ../../NASA-AMMOS/aerie-gateway + context: ../aerie-gateway dockerfile: Dockerfile ports: ["9000:9000"] restart: always